diff options
author | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2021-04-01 15:02:53 -0400 |
---|---|---|
committer | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2021-04-01 15:02:53 -0400 |
commit | d1cd4e85906155b4a99c362c370e23e530ce461a (patch) | |
tree | be3bf8226ad5c1f11e89ac4be36dadea869d2908 | |
parent | b303c731387107a9f2755275dedcc685bfc8c030 (diff) | |
download | korg-helpers-d1cd4e85906155b4a99c362c370e23e530ce461a.tar.gz |
Tweak sig-prover header (instructions)
Mention that it can be run as a simple background process.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
-rwxr-xr-x | sig-prover.py | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/sig-prover.py b/sig-prover.py index 74c3c44..ab5469c 100755 --- a/sig-prover.py +++ b/sig-prover.py @@ -1,10 +1,14 @@ #!/usr/bin/env python3 +# # This script will check random content published on www.kernel.org/pub against # authorized signatures to identify when corruption or substitution happens. The name # comes from the Russian word /proveryat/, meaning "to verify". # -# The script it supposed to be fire-and-forget, running in a screen session or as a -# systemd service, with reports sent to admin@kernel.org. +# The script it supposed to be fire-and-forget, running in a screen session, as +# a background task, or as a systemd service, with reports sent to admin@kernel.org. +# +# E.g. (after you play with it to verify that it's doing the right thing): +# ./sig-prover -c sig-prover.conf -q & # # CAUTION: # This script is not a guaranteed mechanism to detect intrusion -- an @@ -14,7 +18,7 @@ # adding random delays between retrieving the tarball and the detached # signature, setting a referrer value, etc. However, even with added # measures, it will always act fairly predictably, so there will always -# remain a way to defeat it. +# remain a way to detect and defeat it. # # If you download tarballs from kernel.org for any purpose, you should # always run your own verification on each downloaded file. |