Updating spamassassin rules dating suggestions first date
When an archive is downloaded and the signature verified, sa-update requires that the signature be from one of these "release trusted" keys or else verification fails.
This prevents third parties from manipulating the files on a mirror, for instance, and signing with their own key.
--gpg, --nogpg sa-update by default will verify update archives by use of a SHA1 checksum and GPG signature.
SHA1 hashes can verify whether or not the downloaded archive has been corrupted, but it does not offer any form of security regarding whether or not the downloaded archive is legitimate (aka: non-modifed by evildoers).
GPG verification of the archive is used to solve that problem.
If you wish to skip GPG verification, you can use the --nogpg option to disable its use.
Use of the following gpgkey-related options will override --nogpg and keep GPG verification enabled.
BY file to be updated -D, --debug [area=n,...] Print debugging messages -v, --verbose Be more verbose, like print updated channel names -V, --version Print version -h, --help Print usage message , which has updated rules since the previous release.
--checkonly Only check if an update is available, don't actually download and install it. --install Install updates "offline", from the named file, instead of performing DNS lookups and HTTP invocations.
Files named file.sha1 and will be used for the SHA-1 and GPG signature, respectively.
--gpgkeyfile Similar to the --gpgkey option, except specify the additional keys in a file instead of on the commandline.
This is extremely useful when there are a lot of additional keys that you wish to trust.
By default, sa-update trusts key id "265FA05B", which is the standard Spam Assassin release key. See the --import option for how to add keys to sa-update's keyring.