Skip to content

Commit 6a8065f

Browse files
FiloSottileFiloSottile
committed
SIGSUM.md: update policy for v1.3.0
Updates #617
1 parent 50a600e commit 6a8065f

File tree

2 files changed

+8
-15
lines changed

2 files changed

+8
-15
lines changed

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -151,7 +151,7 @@ On Windows, Linux, macOS, and FreeBSD you can use the pre-built binaries.
151151

152152
```
153153
https://dl.filippo.io/age/latest?for=linux/amd64
154-
https://dl.filippo.io/age/v1.1.1?for=darwin/arm64
154+
https://dl.filippo.io/age/v1.3.0?for=darwin/arm64
155155
...
156156
```
157157

SIGSUM.md

Lines changed: 7 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
1-
If you download the pre-built binaries, you can check their
1+
If you download the pre-built binaries of version v1.2.0+, you can check their
22
[Sigsum](https://www.sigsum.org) proofs, which are like signatures with extra
33
transparency: you can cryptographically verify that every proof is logged in a
4-
public append-only log, so you can hold the age project accountable for every
4+
public append-only log, so the age project can be held accountable for every
55
binary release we ever produced. This is similar to what the [Go Checksum
66
Database](https://go.dev/blog/module-mirror-launch) provides.
77

@@ -10,20 +10,13 @@ cat << EOF > age-sigsum-key.pub
1010
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1WpnEswJLPzvXJDiswowy48U+G+G1kmgwUE2eaRHZG
1111
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAz2WM5CyPLqiNjk7CLl4roDXwKhQ0QExXLebukZEZFS
1212
EOF
13-
cat << EOF > sigsum-trust-policy.txt
14-
log 154f49976b59ff09a123675f58cb3e346e0455753c3c3b15d465dcb4f6512b0b https://poc.sigsum.org/jellyfish
15-
witness poc.sigsum.org/nisse 1c25f8a44c635457e2e391d1efbca7d4c2951a0aef06225a881e46b98962ac6c
16-
witness rgdd.se/poc-witness 28c92a5a3a054d317c86fc2eeb6a7ab2054d6217100d0be67ded5b74323c5806
17-
group demo-quorum-rule all poc.sigsum.org/nisse rgdd.se/poc-witness
18-
quorum demo-quorum-rule
19-
EOF
2013
21-
curl -JLO "https://dl.filippo.io/age/v1.2.0?for=darwin/arm64"
22-
curl -JLO "https://dl.filippo.io/age/v1.2.0?for=darwin/arm64&proof"
14+
curl -JLO "https://dl.filippo.io/age/v1.3.0?for=darwin/arm64"
15+
curl -JLO "https://dl.filippo.io/age/v1.3.0?for=darwin/arm64&proof"
2316
24-
go install sigsum.org/sigsum-go/cmd/sigsum-verify@v0.8.0
25-
sigsum-verify -k age-sigsum-key.pub -p sigsum-trust-policy.txt \
26-
age-v1.2.0-darwin-arm64.tar.gz.proof < age-v1.2.0-darwin-arm64.tar.gz
17+
go install sigsum.org/sigsum-go/cmd/sigsum-verify@v0.13.1
18+
sigsum-verify -k age-sigsum-key.pub -P sigsum-generic-2025-1 \
19+
age-v1.3.0-darwin-arm64.tar.gz.proof < age-v1.3.0-darwin-arm64.tar.gz
2720
```
2821

2922
You can learn more about what's happening above in the [Sigsum

0 commit comments

Comments
 (0)