Re: [Exim] OpenPGP signatures on Exim releases

Author: Leonardo Boselli
Date:  
To: exim-users
Subject: Re: [Exim] OpenPGP signatures on Exim releases
I think it would be better to consider another thing:
A signature is useful if you trust the author and you have no
knowledge of the subject.
If it is a source program, it is up to you to check that it has no
backdoor and does no harmful things.
This reminds me of a very recent (five days old) story in my department.
Someone got a virus via email. His e-mail program said that it
included scripts and asked if he wanted to open it or read it as a plain e-mail.
Guess what he did ... then the other invoked program said that the
program he was about to run was not Microsoft certified and so any
bad thing could happen (have you ever seen this warning on 2000 or
XP when installing some driver?)
He answered ... and suddenly got his hard drive formatted ...
Do you think it would care about a signature?


On 9 Oct 2002, at 11:51, Philip Hazel wrote:

> On Wed, 9 Oct 2002, Florian Weimer wrote:
>
> > In the wake of the recent trojans, it might be a very good idea to
> > cryptographically sign Exim source code releases (and the release
> > announcements).
>
> For many years I have published the MD5 checksums with every
> announcement.
>
> Do you need more? If so, it will take time for me to obtain, install,
> learn about, and use cryptographic signing software. Not to mention
> organizing the appropriate keys.
>
> --
> Philip Hazel            University of Cambridge Computing Service,
> ph10@???      Cambridge, England. Phone: +44 1223 334714.




--
Leonardo Boselli
Nucleo Informatico e Telematico del Dipartimento Ingegneria Civile
Universita` di Firenze , V. S. Marta 3 - I-50139 Firenze
tel +39 0554796431 cell +39 3488605348 fax +39 055495333
http://www.dicea.unifi.it/~leo