added signed snapshots

Author: hut

download.html

@@ -58,6 +58,38 @@ <h3>Get ranger with git</h3>
 
 <p> <hr /> </p>
 
+<h3 id="signed">Signed Packages</h3>
+
+If you want to be sure of the authenticity of the snapshot, please download <a href="ranger-stable.tar.gz">ranger-stable.tar.gz</a> and its <a href="ranger-stable.tar.gz.sig">signature</a>, then verify the signature with the author's public key: <a href="huterich.gpg">huterich.gpg</a>.<br />
+<br />
+<div class="code">gpg --import huterich.gpg
+gpg --verify ranger-stable.tar.gz.sig
+</div>
+<br />
+If this prints '<i>Good signature from "huterich &lt;[email protected]&gt;"</i>', the signature was verified.  However, you can only trust the authenticity of the snapshot as much as you trust the authenticity of the public key. Please ensure that the key really belongs to Roman Zimbelmann alias hut by verifying it from multiple sources.  Once you are sure, you can sign the key with your own signature as described <a href="http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-3.html#ss3.6">here</a> to avoid the warning that says "This key is not certified with a trusted signature! There is no indication that the signature belongs to the owner."<br />
+<br />
+This is a list of all released packages since 1.2.2 with their signatures:
+<ul>
+  <!-- run ls *.tar.gz | sort -r | sed 's,\(.*\),<li><a href="\1">\1</a> - <a href="\1.sig">signature</a></li>,' -->
+<li><a href="ranger-stable.tar.gz">ranger-stable.tar.gz</a> - <a href="ranger-stable.tar.gz.sig">signature</a></li>
+<li><a href="ranger-1.5.5.tar.gz">ranger-1.5.5.tar.gz</a> - <a href="ranger-1.5.5.tar.gz.sig">signature</a></li>
+<li><a href="ranger-1.5.4.tar.gz">ranger-1.5.4.tar.gz</a> - <a href="ranger-1.5.4.tar.gz.sig">signature</a></li>
+<li><a href="ranger-1.5.3.tar.gz">ranger-1.5.3.tar.gz</a> - <a href="ranger-1.5.3.tar.gz.sig">signature</a></li>
+<li><a href="ranger-1.5.2.tar.gz">ranger-1.5.2.tar.gz</a> - <a href="ranger-1.5.2.tar.gz.sig">signature</a></li>
+<li><a href="ranger-1.5.1.tar.gz">ranger-1.5.1.tar.gz</a> - <a href="ranger-1.5.1.tar.gz.sig">signature</a></li>
+<li><a href="ranger-1.5.0.tar.gz">ranger-1.5.0.tar.gz</a> - <a href="ranger-1.5.0.tar.gz.sig">signature</a></li>
+<li><a href="ranger-1.4.4.tar.gz">ranger-1.4.4.tar.gz</a> - <a href="ranger-1.4.4.tar.gz.sig">signature</a></li>
+<li><a href="ranger-1.4.3.tar.gz">ranger-1.4.3.tar.gz</a> - <a href="ranger-1.4.3.tar.gz.sig">signature</a></li>
+<li><a href="ranger-1.4.2.tar.gz">ranger-1.4.2.tar.gz</a> - <a href="ranger-1.4.2.tar.gz.sig">signature</a></li>
+<li><a href="ranger-1.4.1.tar.gz">ranger-1.4.1.tar.gz</a> - <a href="ranger-1.4.1.tar.gz.sig">signature</a></li>
+<li><a href="ranger-1.4.0.tar.gz">ranger-1.4.0.tar.gz</a> - <a href="ranger-1.4.0.tar.gz.sig">signature</a></li>
+<li><a href="ranger-1.2.3.tar.gz">ranger-1.2.3.tar.gz</a> - <a href="ranger-1.2.3.tar.gz.sig">signature</a></li>
+<li><a href="ranger-1.2.2.tar.gz">ranger-1.2.2.tar.gz</a> - <a href="ranger-1.2.2.tar.gz.sig">signature</a></li>
+<!-- /run -->
+</ul>
+
+<hr />
+
 <h3>Package Managers</h3>
 
 <p>
@@ -72,6 +104,9 @@ <h3>Package Managers</h3>
 <p>
   <b>Gentoo</b>: Stable versions of ranger are in <a href="http://packages.gentoo.org/package/app-misc/ranger">Portage</a>
 </p>
+<p>
+  <b>FreeBSD</b>: py-ranger in the <a href="http://www.freebsd.org/cgi/cvsweb.cgi/ports/sysutils/py-ranger/">ports</a>
+</p>
 
 <!--get foot from index.html-->
 </div>

huterich.gpg

@@ -0,0 +1,51 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+
+mQINBEyOeTcBEACwCWkaA9XTE+DtjaCj2mm1EXslelop0JQco+j/KC5haPsYJ0G3
+6lH/UpoXNfYw6B84QxILjodK/uKMk5+1RFS2YX/HoypMOobQLV9LHqo4TvRNmwWA
+u8K446nSE9CDx5yvWYkvj1HucV1GrKqNeDOPcbThRVOPasnwZwf5nmLaYWjn780t
+nhiWP8OR75/EceyJM2cryASrqgfWRKZoLLioRd67qUxi8zVG9nZIwxIx2OgWvW30
+VMsiMvHR6faSOFxBXecag/muu9y5kdYxYxK2YpWhNpxZq8H+dqx2l/0z45nom56A
+c1aeL3/QoBpBm7GIaeRgcFEHhKAZI3oOQhLmQ8pbJ9WabhdyA7xbsdNrzMGLQGkY
+qYMk3iwP129ciG9FyZlwqhW3WaQST7hGmC3QKfo+kGLiJZMox3QWKD/lPtmBt1Ax
+VtDzOq3rbI8ab4OGa7wWJWKOgP+XaCHwy5yIVaCXMuotBqfFR4HJDL8WzfosJ0Du
+/zjNDyGVER8iF5+Kq5tahtYmmK0T30HMPPvc1qMsZsFsCgVbmQqxr6PgcAvnlvTN
+UWqGwd3G0BeBGiJrxlWHOsUz94eWCM/DILE2F0Io5SQXpK8FQ0BjeaWGv+NkgYZ+
+WJ1wwcATgyGXD3GwABIwSZ8T/w55LRPP5R9sYd1SdlMHFeZ3SJ2Y8ZyC4QARAQAB
+tBpodXRlcmljaCA8aHV0QGxhdmFiaXQuY29tPokCOAQTAQIAIgUCTI55NwIbAwYL
+CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ8Izh4gD7XN+VehAAkntarXp6vJ7o
+TVhfCmBgl9WsNEKtvt8JfGVqXrd/mkVblEENKPTqXcC+TeO/n+hcXN7r0ZJEgGsH
+PBoz9uoShqpxCUYBCXKKf77ffMqemu3W2jNcCDN4+T4qWSGC+NHcjmutjg78bM7C
+sznRGV6mDl9civrDNxMx2iELEoBImhdMCl8b/a8mOHcHumzWps4xR0Bd0LNnnVzW
+k5TGLKxrRSa+Ee+MdhnZLFF5mth1Sgcrs4v+2mWMJD88oWcS9sjK48Wo3dvNiRVh
+6VkBGn60LcYT7ggo7T6mdF1ZdmDY6mQO/yJuwXICsO3rdOq58S3NrXrnvw7SLMmh
+5Wqu7xEjhVMgNmlI7yEmwd79wqW6qEDEP2Z8oe3t6CoSXvnF4LzJ5ibX1WDcES0V
+05eSMKk8rK9JS4h3ytpWvOOs+SI7OnggiIU4ed+jUKgxrtbxXkCc+CJaH5Ne3lmE
+JsifHGuRIqKld6nQK3bMNaNh2vFbvLOpH6BYKefDQblXIieKNpVVAfdzeSq3d3EX
+vG21v78Cfh4FM6nc6kIVYA1CRTyNElhgh6FwdcV1RUlrIQ4Zq+GJVnpDKucuWzAX
+980UjZlEZrZxGT+270Dqu2HpBPPhJsSoirvHGmMHTWnt/oUsIEC7ba0yh+y0jFR3
+fJYn6NjML9O0SGrMC8cBSVTa1tCG+VW5Ag0ETI55NwEQAKsMwBPyynHkFwnLX8LT
+RAY3L/+WRVpklg8dsAroQINf6b3k1gR1OApaRkr3zi2EX6cvCsIDxSvbDkt5Uwwg
+xAyTotQ704YZG28vIalanOv696uGL0A2jbW/otyMV92+unl19+h81gWzIR72Y8sD
+hNUgG7+GC3ThofT3+cMZ7LBZ0XkZENlHZsVIA9kySosjkBpJdUAm75SLWtIs95Lv
+drak17TPIixutCmV/pov3JBDkZIeK3gBlAltz70QkVx58JxLlC5BOUOYWjrX6hSc
+RAYAFdgi1M7C1PPwE4h6Y10KTfMm5FQeQJRWZy6nOFTsZ+1s/mj9t1/coUpWkZBm
+Sq87NoL/ySU4Pc1f6j3P+S/C1aohA7NMBcmw35pFK2GzVtwrU0wwPb6qjP4n48V3
+GWzgc1213ryXWFsvQoFoYUvr0lv7lROeckrUNn3QySKmvQOG6phIev8NQJaGtyNS
+TwIpI2wL++J/M3Z2wqmv/t+lKGFdMhxRyT1c1gF210fNy5FXPUdbOa5YV57j+dQG
+ViPyhTgVngUNP5lxfV9QN2sjw8quY/CJ1PWW0NyAPVII4SLUR2V2PcGgjnQE/5u/
+Smvt2C02csnOzVFobueHcosViRRNcWf4SAILxcQmA3pZ9vWvrEhpnHe47Mf/ZutY
+Fn55JEdsiMn6CcXa5SkdvS7xABEBAAGJAh8EGAECAAkFAkyOeTcCGwwACgkQ8Izh
+4gD7XN8s9RAAluMM4bHb7UO14mW/Fx5UhsmPKDFAlcaFCMOKhjtSqcwvJZwsqopy
+ovSojaASpcB3js6c8Fg+CvLkpVkZsNmMhtEU30mrs7CigOw84S9kQ9AbBukfOlN3
+Je7JjxqpMVvwgxmB26MwM9rAeuH+B0Pj7RLHn4gXvhZG+LdEISA/Iw8064hLBDYu
+SEw/C0h96lcibkZZQ+icSEujc+5BbqN/jYNzekjwer0fgM/15R8AKFAJhPgBf2rp
+G8B5Tplp66YpNIQj85HaTo4cHPvFEWkOaAl40L9AtOC87pJ/UrkhyNum7b7Q24hl
+tBggDVdv5SJCXImdtVfhPcB2u/pFEiyTul12tNBDkj+cUrVxEOW0q6ANZ+jZZTtf
+RIoK7zVx9+KcsT3sy/FHFjcjOPJN1u4b/bkdAMWu3rqWGIP9e84EW1dIGY770fqf
+qQr58jsXfWkFhNG450q4M1nYBHPJLIkOsh9bWvfR8wRQ8J3msZULDzfDltaSNF5g
+mtuRkjlzX+SMIGMEYalSp8+7ro+9DFKelCKTXHHgYlla5cqxdUATN4lLGudL0EgF
+ze6g5UxCwrtzbYacsssFdwsDC5D5VLkacfGF1z9bD41d2X3pP9SC6oH7aVzCJpJj
+Up/r2fxfLjO0bZyBApDhkv4ViP1ad0vK0BqfzyXf8yM1t1Y8A+Gpy94=
+=tjwk
+-----END PGP PUBLIC KEY BLOCK-----

index.html

@@ -29,16 +29,15 @@ <h2>Description</h2>
   <li>Latest stable version:
     <a href="http://nongnu.org/ranger/ranger-stable.tar.gz">ranger <!--run cat CHANGELOG | grep -m 1 -o '[0-9]\.[0-9]\.[0-9]'-->1.5.5<!--/run--></a>
     (<!--run cat CHANGELOG | grep -m 1 -o 20[0-9][0-9]-[0-9][0-9]-[0-9][0-9]-->2012-08-10<!--/run-->)
-  </li>
+    <li><a href="http://nongnu.org/ranger/ranger-stable.tar.gz.sig">signature</a> and <a href="http://nongnu.org/ranger/huterich.gpg">public key</a> for verification
   <li>git clone git://git.savannah.nongnu.org/ranger.git</li>
 </ul>
 <p>
   <a href="screenshots/screenshot0.png"><img src="screenshots/screenshot0thumb.png" title="Image: Screenshot 0" /></a>
   <br />
   <br />
-  A note to packagers:  Versions meant for packaging are listed in the changelog
-  and are usually announced on this
-  <a href="https://savannah.nongnu.org/news/atom.php?group=ranger">atom feed</a> and in
+  A note to packagers:  There are now signed packages available <a href="download.html#signed">here</a>, and new ones are announced on this
+  <a href="https://savannah.nongnu.org/news/atom.php?group=ranger">atom feed</a> and on
   the <a href="https://lists.nongnu.org/mailman/listinfo/ranger-users">mailing list</a>.
 </p>