“
two forms of distribution, each release has a PGP signature file associated withit.* Prior to V8.11, this was a single signature file used to verify the uncompressed file, meaning that you needed to uncompress the tar(1) file before verifying it. Beginning with V8.11, there is a signature file for each of the compressed files, so there is no need to uncompress either first. The signature file has the same name as the distribution file but with a literal . sig suffix added.sendmail.8.14.1. tar.gz ← the distribution file sendmail.8.14.1. tar.gz.sig ← the signature file for this distribution file sendmail.8.14.1. tar.Z ← the distribution file sendmail.8.14.1. tar.Z.sig ← the signature file for this distribution file If you have not already done so for an earlier sendmail distribution, you must now download and install the PGPKEYS file from sendmail.org: ftp://ftp.sendmail.org/pub/sendmail/P... After downloading this file, add the keys in it to your PGP key ring with a command like this: pgp -ka PGPKEYS ← for pgp version 2. x pgpk -a PGPKEYS ← for pgp version 5. x gpg --import PGPKEYS ← for gpg If you use gpg(1), your output may look something like this: % gpg --import PGPKEYS gpg: key 16F4CCE9: "Sendmail Security " 22 new signatures gpg: key 7093B841: public key "Sendmail Signing Key/2007 " imported gpg: key AF959625: "Sendmail Signing Key/2006 " 7 new signatures gpg: key 1EF99251: "Sendmail Signing Key/2005 " 9 new signatures gpg: key 95F61771: "Sendmail Signing Key/2004 " 7 new signatures gpg: key 396F0789: "Sendmail Signing Key/2003 " 27 new signatures gpg: key 678C0A03: "Sendmail Signing Key/2002 " 13 new signatures * How public key cryptography is used to sign a file is described in §5.2 on page 1992.2 Download the Source | 43 This is the Title of the Book, eMatter Edition Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
”
”