アップすることを忘れてた。
-------------------------------------------
内容は
[Announce] [security fix] GnuPG 1.4.14 released
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
注)
* If you already have a trusted version of GnuPG installed, you
can simply check the supplied signature. For example to check the
signature of the file gnupg-1.4.14.tar.bz2 you would use this command:
gpg --verify gnupg-1.4.14.tar.bz2.sig
This checks whether the signature file matches the source file.
You should see a message indicating that the signature is good and
made by that signing key. Make sure that you have the right key,
either by checking the fingerprint of that key with other sources
or by checking that the key has been signed by a trustworthy other
key. Note, that you can retrieve the signing key using the command
finger wk ,at' g10code.com | gpg --import
or using a keyserver like
gpg --recv-key 4F25E3B6
The distribution key 4F25E3B6 is signed by the well known key
1E42B367. If you get an key expired message, you should retrieve a
fresh copy as the expiration date might have been prolonged.
NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!
* If you are not able to use an old version of GnuPG, you have to verify
the SHA-1 checksum. Assuming you downloaded the file
gnupg-1.4.14.tar.bz2, you would run the sha1sum command like this:
sha1sum gnupg-1.4.14.tar.bz2
and check that the output matches the first line from the
following list:
6202181ba2871fb3448c751a573b4ae0c4770806 gnupg-1.4.14.tar.bz2
607691dd42a24f39fd74dded20375c4c0bc47d2c gnupg-1.4.14.tar.gz
e7623a6b8b6de00d3788246d3e51fde1ce7b5897 gnupg-1.4.13-1.4.14.diff.bz2
ac9e89240ce37810febf59e28db655d1271b2fea gnupg-w32cli-1.4.14.exe
