Add authenticity section in README

This commit is contained in:
Matéo Duparc 2021-05-31 14:44:05 +02:00
parent f9cd06f30f
commit a6f194092c
Signed by: hardcoresushi
GPG Key ID: 007F84120107191E

View File

@ -35,3 +35,37 @@ async-psec = "0.3"
# Documentation
The API documentation can be found [here](https://docs.rs/async-psec).
# Authenticity
If you want to use this crate in a critical project, I don't recommend to use [crates.io](https://crates.io). Instead, download the code from the repository:
```
git clone https://forge.chapril.org/hardcoresushi/async-psec
```
And add this to your Cargo.toml:
```toml
[patch.crates-io]
async-psec = { path = "<path to the async-psec folder>" }
```
All commits should be signed with my PGP key. __Don't use this crate if the verification fails !__
You can import my key from keyservers with:
```
gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 007F84120107191E
```
Fingerprint: `BD56 2147 9E7B 74D3 6A40 5BE8 007F 8412 0107 191E` \
Email: `Hardcore Sushi <hardcore.sushi@disroot.org>`
Once imported, verify the latest commit:
```
cd async-psec
git verify-commit HEAD
```
This should show you something like:
```
gpg: Signature made <date>
gpg: using RSA key BD5621479E7B74D36A405BE8007F84120107191E
gpg: Good signature from "Hardcore Sushi <hardcore.sushi@disroot.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: BD56 2147 9E7B 74D3 6A40 5BE8 007F 8412 0107 191E
```