Re: [Exim] OpenPGP signatures on Exim releases

Top Page
Delete this message
Reply to this message
Author: Phil Chambers
Date:  
To: exim-users
Subject: Re: [Exim] OpenPGP signatures on Exim releases
On Wed, 9 Oct 2002 17:15:24 +0100 (BST) Philip Hazel <ph10@???> wrote:

> On 9 Oct 2002, Jeffrey C. Ollie wrote:
>
> > Even better would be to get a web of trust going between Philip and some
> > of the more active Exim users/contributors. Unfortunately, I don't
> > travel very much, and most people have very little reason to travel to
> > my little corner of the planet, so I've never been able to properly join
> > a web of trust.
>
> I don't travel all that much, and although I do now possess a laptop
> (hmm, it's a whole year now since I got it), I mainly use it just for
> presentations. But I guess I could be taught how to carry around things
> for signing etc. But not till the book is done. :-)
>
> --
> Philip Hazel            University of Cambridge Computing Service,


This does seem to be going over the top rather. If the MD5 hash can be displayed on
both the ftp site and the web site then I think there would be very little prospect
of that value being compromised. Someone would have to compromise both the ftp site
and the web site and if someone periodically checked both it would be apparent it
that had happened. We are not talking about national security here!

Phil.
---------------------------------------
Phil Chambers (postmaster@???)
University of Exeter