<div dir="ltr"><div class="gmail_default" style="font-size:small;color:rgb(51,51,153)">Hello,<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jun 28, 2013 at 9:27 AM, Sergey Budnevitch <span dir="ltr"><<a href="mailto:sb@waeme.net" target="_blank">sb@waeme.net</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="im"><br>
On 28  Jun2013, at 10:15 , Phil Pennock <<a href="mailto:nginx%2Bphil@spodhuis.org">nginx+phil@spodhuis.org</a>> wrote:<br>
<br>
> On 2013-06-27 at 11:41 -0400, B.R. wrote:<br>
>> The Nginx website's page <<a href="http://nginx.org/en/linux_packages.html" target="_blank">http://nginx.org/en/linux_packages.html</a>> on Linux<br>
>> packages provides you with the key file address:<br>
>> <a href="http://nginx.org/en/linux_packages.html" target="_blank">http://nginx.org/en/linux_packages.html</a><br>
><br>
> You mean:<br>
>  <a href="http://nginx.org/keys/nginx_signing.key" target="_blank">http://nginx.org/keys/nginx_signing.key</a><br></div></blockquote><div><br><div class="gmail_default" style="font-size:small;color:rgb(51,51,153);display:inline">

​You are right... Copy-paste trouble... :o)<br>​</div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="im">
><br>
> (And if you import a file retrieved over plain http straight into your<br>
> trust anchors with no further verification, you have other problems).<br></div></blockquote><div><br><div class="gmail_default" style="font-size:small;color:rgb(51,51,153)">​You are​ right, that what people <i>shall</i> do (and they also shall not pass).<br>

</div><div class="gmail_default" style="font-size:small;color:rgb(51,51,153)">However, I was merely summing up the steps provided before which were not mentioning that either. But you're right: there is one step missing.<br>

</div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="im">
<br>
</div>We've added short explanation with links to gpg docs about how<br>
and why pgp signatures should be checked:<br>
<br>
<a href="http://nginx.org/en/linux_packages.html#signatures" target="_blank">http://nginx.org/en/linux_packages.html#signatures</a><br></blockquote><div><br><div class="gmail_default" style="font-size:small;color:rgb(51,51,153);display:inline">

​The link to Dewinter's website is broken.<br></div><div class="gmail_default" style="font-size:small;color:rgb(51,51,153);display:inline">Maybe would you like to replace it with <a href="http://www.gnupg.org/documentation/howtos.en.html">http://www.gnupg.org/documentation/howtos.en.html</a>?​<br>

<br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div class=""><div class="h5"><br>
<br>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</div></div></blockquote></div><br><font size="1"><span style="color:rgb(102,102,102)">---<br></span><b><span style="color:rgb(102,102,102)">B. R.</span></b><span style="color:rgb(102,102,102)"></span></font>
</div></div>