diff --git a/FAQ.md b/FAQ.md index 9408fdf..21a8b2e 100644 --- a/FAQ.md +++ b/FAQ.md @@ -118,7 +118,7 @@ Here is the workflow you should use for verifying commits or tags: Primary key fingerprint: ABA9 B8F6 F448 B07F D7EA 4A1A 05D4 0A63 6AFA B34D ```` - If you get a message that the signature is untrusted you may have skipped step 2. Now you should check the fingerprint shows in the output. If no one is shown you have to check the key with `gpg --list-public-keys --fingerprint` as mentioned above. + If you get a message that the signature is untrusted you may have skipped step 2. Now you should check the fingerprint shown in the output. If no one is shown you have to check the key with `gpg --list-public-keys --fingerprint` as mentioned above. 4. For subsequent updates it is enough to just run `git pull --verify-signatures`. It will check the signatures automatically and will notify you if a commit is not signed by a trusted PGP key. Note that if you skipped step 2 the imported key is not trusted and the command may fail too. In this case you can just do a usual `git pull` and then use the steps explained above to verify the signature.