Wording on the kernel guide

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
This commit is contained in:
Konstantin Ryabitsev 2018-01-25 12:04:31 -05:00
parent 6747fadc24
commit 319a4729a3
No known key found for this signature in database
GPG Key ID: 34BAB80AF9F247B8
1 changed files with 9 additions and 8 deletions

View File

@ -859,17 +859,18 @@ default in GnuPG v2). To set it, add (or modify) the `trust-model` setting in
#### Learn to use keyservers (more) safely #### Learn to use keyservers (more) safely
If, despite setting `auto-key-retrieve`, you still get a `public key not If, despite setting `auto-key-retrieve`, you still get a "No public key" error
found` error when trying to validate someone's tag, then you should attempt to when trying to validate someone's tag, then you should attempt to lookup that
lookup that key using a keyserver. It is important to keep in mind that there key using a keyserver. It is important to keep in mind that there is
is absolutely no guarantee that the key you retrieve from a keyserver belongs absolutely no guarantee that the key you retrieve from a keyserver belongs to
to the actual person -- that much is by design. You are supposed to use the the actual person -- that much is by design. You are supposed to use the Web
Web of Trust to establish key validity. of Trust to establish key validity.
How to properly maintain the Web of Trust is beyond the scope of this How to properly maintain the Web of Trust is beyond the scope of this
document, simply because doing it properly requires both effort and dedication document, simply because doing it properly requires both effort and dedication
that tends to be beyond the caring threshold of most human beings. Here are that tends to be beyond the caring threshold of most human beings. Here are
some shortcuts that will help reduce the risk of importing a malicious key. some shortcuts that will help you reduce the risk of importing a malicious
key.
First, let's say you've tried to run `git verify-tag` but it returned an error First, let's say you've tried to run `git verify-tag` but it returned an error
saying the key is not found: saying the key is not found:
@ -888,7 +889,7 @@ finding out the ID of the master key it is associated with):
gpg: data source: hkp://keys.gnupg.net gpg: data source: hkp://keys.gnupg.net
(1) Chen-Yu Tsai <wens@...org> (1) Chen-Yu Tsai <wens@...org>
4096 bit RSA key C94035C21B4F2AEB, created: 2017-03-14, expires: 2019-03-15 4096 bit RSA key C94035C21B4F2AEB, created: 2017-03-14, expires: 2019-03-15
Keys 1-1 of 1 for "DA73759BF8619E484E5A3B47389A54219C0F2430". Enter number(s), N)ext, or Q)uit > Keys 1-1 of 1 for "DA73759BF8619E484E5A3B47389A54219C0F2430". Enter number(s), N)ext, or Q)uit > q
Locate the ID of the master key in the output, in our example Locate the ID of the master key in the output, in our example
`C94035C21B4F2AEB`. Now say `q` and display the key of Linus Torvalds that you `C94035C21B4F2AEB`. Now say `q` and display the key of Linus Torvalds that you