[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-glpk] Re: .sig files

From: Andrew Makhorin
Subject: [Help-glpk] Re: .sig files
Date: Tue, 3 Feb 2004 18:53:12 +0300

>What are those .sig files at the glpk mirror sites? and how to unpack and
>use it?

.sig file is a digital signature created by GnuPG due to recent
requirements of the GNU Project. When a tarball is uploaded to the main
GNU ftp site, it goes there along with corresponding signature file
created with 'gpg -b foobar.tar.gz'. You can use the signature file and
the maintainer's public key to verify that corresponding tarball has not
been changed/cracked by someone else. (My public key which I use to sign
glpk tarballs can be found in the file 'AUTHORS' in glpk distribution.)
In practice it is absolutely impossible (until P != NP :+) to fake such
signature that prevents GNU software from unauthorized modifications.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]