commit 4f005bef8f0addc6d6d906e04fb8960aed432ffc
parent aa6c0d74369cc41edaed30a69f0aa9dfbff87cf8
Author: Vincent Forest <vincent.forest@meso-star.com>
Date: Thu, 28 Sep 2017 16:18:26 +0200
Update the PGP signature part
Diffstat:
2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/Makefile b/Makefile
@@ -13,7 +13,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-SOLSTICE-VERSION=0.6.0
+SOLSTICE-VERSION=0.6.1
.PHONY: default
default: all
diff --git a/pgp_signature.html.in b/pgp_signature.html.in
@@ -1,6 +1,4 @@
-<div id=pgp></div>
-<h2>PGP signatures</h2>
-
+<h2 id=pgp>PGP signatures</h2>
<p>The Solstice archives are cryptographically signed using <a
href="https://en.wikipedia.org/wiki/Pretty_Good_Privacy#How_PGP_encryption_works">
@@ -55,9 +53,9 @@ Primary key fingerprint: 20EB E4CF 3D9F 4B9A E55D 5F59 679F 2975 93B2 C8A2
<p>Note that GnuPG warns that the key is not certified. In other words you
cannot be sure that the key used to sign the archive really belongs to the
-owner. The best option is to meet the owner in real life and ask for him about
-the key validity. More simply, but also less secure, you could try to contact
-him by phone or e-mail, or review the list of signatures of the public key, and
+owner. The best option is to physically meet the actual owner and ask for him
+about the key validity. More simply, you can also review the list of signatures
+of the key with <code>gpg --list-sigs</code> and
then make a decision whether you <a
href="https://www.gnupg.org/gph/en/manual/x334.html">trust</a> that key or
not.</p>
