From 7823d466d6d556c42f465ad813f803a83e0acf38 Mon Sep 17 00:00:00 2001 From: Julian Ospald Date: Thu, 7 Oct 2021 22:45:07 +0200 Subject: [PATCH] Clarify GPG verification --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index a6ffbe23459aa9..53c45fc40042b8 100644 --- a/README.md +++ b/README.md @@ -251,6 +251,7 @@ Below are some examples: # install ``` +- **Note:**: verifying the gpg signature of the hash file only is as secure as verifying the signature of the data itself and common practice (given that it's a strong hash) - **Alternate**: *full key fingerprint imported to apt which will check signatures and checksums when packages are downloaded and installed.* ```Dockerfile