So... If you're asking, "How do I verify this release?", the following
should help answer your question.. I assume you're doing this on OpenBSD.
First, download either the entire directory or the following files: SHA512*,
one or both of etsh-5.4.0.tar.[gx]z depending on whether you use gzip(1) or
xz(1), etsh-v6shell.pub (a copy of the signify public key for etsh (v6shell)
and related projects), and readme-verify_release (this file).
Then, do this (step(s) 1 and/or 2)...
1):
% signify -C -p etsh-v6shell.pub -x SHA512.sig
Signature Verified
etsh-5.4.0.tar.gz: OK
etsh-5.4.0.tar.xz: OK
and you're set; otherwise, if you're not on OpenBSD, this
or a variation of it with the available tools..
2):
% sha512 -C SHA512 etsh-5.4.0.tar.gz etsh-5.4.0.tar.xz
(SHA512) etsh-5.4.0.tar.gz: OK
(SHA512) etsh-5.4.0.tar.xz: OK
will at least tell you if your downloads were successful
and without corruption. I do both steps 1 and 2 myself.
And... You can flip the order if you wish to do so..
That is to say: Not 1 and 2 .. But 2 and 1 .. It shouldn't matter either
way .. But we can't really be sure .. Thus, I'll simply
leave you with one last thought ... =)
