download-vulnerability-list documentation insufficience

To: tech-pkg%NetBSD.org@localhost
Subject: download-vulnerability-list documentation insufficience
From: Hubert Feyrer <hubert%feyrer.de@localhost>
Date: Mon, 14 Jul 2008 02:17:10 +0200 (CEST)


download-vulnerability-list's manpage says, for the -s switch:

     -s            Verify the signature of the current pkg-vulnerabilities
                   file.  In order for this to function correctly you will
                   need to add the pkgsrc Security Team key to your gpg
                   keyring and trust it.  The key is available from:
                   
ftp.netbsd.org/pub/NetBSD/security/PGP/pkgsrc-security%NetBSD.org.asc@localhost
                   In addition to this the gpg binary must be installed on
                   your system.  The path to the gpg binary can be set in
                   audit-packages.conf(5).

I think it would be nice to *not* assume everyone knows how to add a keyto a keyring, and give the proper command to run. What is it?


Also, the path to the file given should either be an url or host:/path.


 - Hubert

Follow-Ups:
- Re: download-vulnerability-list documentation insufficience
  - From: Joerg Sonnenberger

Prev by Date: Re: dependency explosion
Next by Date: Re: remove emacs nox11 packages?
Previous by Thread: dependency explosion
Next by Thread: Re: download-vulnerability-list documentation insufficience
Indexes:

Home | Main Index | Thread Index | Old Index