Tweak "check authenticity" answer.

author Rich Salz <rsalz@akamai.com>

Fri, 17 Jun 2016 13:46:34 +0000 (09:46 -0400)

committer Rich Salz <rsalz@akamai.com>

Fri, 17 Jun 2016 13:46:34 +0000 (09:46 -0400)
author Rich Salz <rsalz@akamai.com>
Fri, 17 Jun 2016 13:46:34 +0000 (09:46 -0400)
committer Rich Salz <rsalz@akamai.com>
Fri, 17 Jun 2016 13:46:34 +0000 (09:46 -0400)
diff --git a/docs/faq.txt b/docs/faq.txt

index 3a5065159145ef0af845122fec9a1ad64c6ddcfc..9953c23367e4a01d0063ea26fd73fc5d8a4fdb54 100644 (file)
--- a/docs/faq.txt
+++ b/docs/faq.txt
@@ -162,10 +162,10 @@ so that the special release is no longer necessary.
  
  * How do I check the authenticity of the OpenSSL distribution?
  
-We provide MD5 digests and ASC signatures of each tarball.
-Use MD5 to check that a tarball from a mirror site is identical:
+We provide PGP signatures and a variety of digests on each release.
+For example:
  
-   md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
+   sha1sum TARBALL | awk '{print $1;}' | cmp - TARBALL.sha1
  
  You can check authenticity using pgp or gpg. You need the OpenSSL team
  member public key used to sign it (download it from a key server, see a
author	Rich Salz <rsalz@akamai.com>
	Fri, 17 Jun 2016 13:46:34 +0000 (09:46 -0400)
committer	Rich Salz <rsalz@akamai.com>
	Fri, 17 Jun 2016 13:46:34 +0000 (09:46 -0400)