From 9bd661815e56e75aa8eb84a5cfe625bb80c5a2e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Re=C5=9Fat=20SABIQ?= Date: Sat, 4 Apr 2020 15:31:39 +0600 Subject: [PATCH 1/4] doc: additional note in README(.md) informing users that it is advised to import the full set of trusted release keys (rather than an individual key) Additional README.md update Fixes: nodejs#32559 --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c7fe50e2e95278..4b8e0082466166 100644 --- a/README.md +++ b/README.md @@ -565,7 +565,9 @@ GPG keys used to sign Node.js releases: * **Shelley Vohr** <shelley.vohr@gmail.com> `B9E2F5981AA6E0CD28160D9FF13993A75599653C` -To import the full set of trusted release keys: +To avoid nuances involved in verification of a sub-key possibly used to sign a +release, it is advised to import the full set of trusted release keys (rather +than an individual key used to sign a release): ```shell gpg --keyserver pool.sks-keyservers.net --recv-keys 4ED778F539E3634C779C87C6D7062848A1AB005C From 2e103edd278ef23183878cffd4fd151aa1ccbab2 Mon Sep 17 00:00:00 2001 From: haqer1 Date: Thu, 9 Apr 2020 11:12:30 +0600 Subject: [PATCH 2/4] doc: apply suggestion from code review This leaves a bit more between the lines, but makes the verbiage shorter. Co-Authored-By: Rich Trott --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 4b8e0082466166..669f92075064e7 100644 --- a/README.md +++ b/README.md @@ -566,8 +566,7 @@ GPG keys used to sign Node.js releases: `B9E2F5981AA6E0CD28160D9FF13993A75599653C` To avoid nuances involved in verification of a sub-key possibly used to sign a -release, it is advised to import the full set of trusted release keys (rather -than an individual key used to sign a release): +release, import the full set of trusted release keys: ```shell gpg --keyserver pool.sks-keyservers.net --recv-keys 4ED778F539E3634C779C87C6D7062848A1AB005C From 945cce5fb06cb451a96888e36dc292b144c332d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Re=C5=9Fat=20SABIQ?= Date: Wed, 28 Oct 2020 15:28:01 +0600 Subject: [PATCH 3/4] doc: additional note in README(.md) informing users that it is advised to import the full set of trusted release keys (rather than an individual key) (reconciled with another suggestion from code review) The OP finds his original suggestion more descriptive & more user-friendly, but prefers to move on since that suggestion is stalled in favor of much shorter verbiage Co-Authored-By: Myles Borins Fixes: nodejs#32559 --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 669f92075064e7..1798cd39b1b83d 100644 --- a/README.md +++ b/README.md @@ -565,8 +565,7 @@ GPG keys used to sign Node.js releases: * **Shelley Vohr** <shelley.vohr@gmail.com> `B9E2F5981AA6E0CD28160D9FF13993A75599653C` -To avoid nuances involved in verification of a sub-key possibly used to sign a -release, import the full set of trusted release keys: +To import the full set of trusted release keys (including subkeys possibly used to sign releases): ```shell gpg --keyserver pool.sks-keyservers.net --recv-keys 4ED778F539E3634C779C87C6D7062848A1AB005C From 69d81a9c3c9c8b2cf29637efcbe20ffba6037505 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Re=C5=9Fat=20SABIQ?= Date: Wed, 28 Oct 2020 15:35:35 +0600 Subject: [PATCH 4/4] doc: additional note in README(.md) informing users that it is advised to import the full set of trusted release keys (rather than an individual key) (reconciled with another suggestion from code review) The OP finds his original suggestion more descriptive & more user-friendly, but prefers to move on since that suggestion is stalled in favor of much shorter verbiage. This version also splits the line at 80 characters to comply with lint-md. Co-Authored-By: Myles Borins Fixes: nodejs#32559 --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1798cd39b1b83d..71537d93c08e83 100644 --- a/README.md +++ b/README.md @@ -565,7 +565,8 @@ GPG keys used to sign Node.js releases: * **Shelley Vohr** <shelley.vohr@gmail.com> `B9E2F5981AA6E0CD28160D9FF13993A75599653C` -To import the full set of trusted release keys (including subkeys possibly used to sign releases): +To import the full set of trusted release keys (including subkeys possibly used +to sign releases): ```shell gpg --keyserver pool.sks-keyservers.net --recv-keys 4ED778F539E3634C779C87C6D7062848A1AB005C