-\define{versionidpgpkeys} \versionid $Id$
-
\A{pgpkeys} PuTTY download keys and signatures
\cfg{winhelp-topic}{pgpfingerprints}
-We create \i{PGP signatures} for all the PuTTY
+\I{verifying new versions}We create \i{PGP signatures} for all the PuTTY
files distributed from our web site, so that users can be confident
that the files have not been tampered with. Here we identify
our public keys, and explain our signature policy so you can have an
This description is provided as both a web page on the PuTTY site, and
an appendix in the PuTTY manual.
-As of the next release, all of the PuTTY executables will contain
-\#{XXX-REMOVE-BEFORE-RELEASE: fix this up for forthcoming release
-As of release 0.58, all of the PuTTY executables contain}
-fingerprint material (usually accessed via the \i\c{-pgpfp}
-command-line option), such that if you have an executable you trust,
-you can use it to establish a trust path, for instance to a newer
-version downloaded from the Internet.
+As of release 0.58, all of the PuTTY executables contain fingerprint
+material (usually accessed via the \i\c{-pgpfp} command-line
+option), such that if you have an executable you trust, you can use
+it to establish a trust path, for instance to a newer version
+downloaded from the Internet.
(Note that none of the keys, signatures, etc mentioned here have
anything to do with keys used with SSH - they are purely for verifying
\W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-rsa.asc}{Snapshot key}
\lcont{
-Master Key: 1024-bit; fingerprint:
+Master Key: 1024-bit; \I{PGP key fingerprint}fingerprint:
\cw{8F\_15\_97\_DA\_25\_30\_AB\_0D\_\_88\_D1\_92\_54\_11\_CF\_0C\_4C}
}
The actual snapshots are built on a team member's home Windows box.
The keys themselves are stored on an independently run Unix box
-(the same one that hosts our Subversion repository). After
+(the same one that hosts our Git repository). After
being built, the binaries are uploaded to this Unix box and then
signed automatically.
projects / PuTTY.git / blobdiff