Re: [Exim] OpenPGP signatures on Exim releases

Pàgina inicial
Aquest missatge és part del següent fil:
M------------\l'arbre de fils complet ordenat per data
M............MJeffrey C. Ollie en <-
M+++++++++++\MRalf G. R. Bergs en ->
Delete this message
Reply to this message
Autor: Jeffrey C. Ollie
Data:  
A: exim-users
Assumpte: Re: [Exim] OpenPGP signatures on Exim releases
On Wed, 2002-10-09 at 12:20, Phil Chambers wrote:
>
> This does seem to be going over the top rather. If the MD5 hash can be displayed on
> both the ftp site and the web site then I think there would be very little prospect
> of that value being compromised. Someone would have to compromise both the ftp site
> and the web site and if someone periodically checked both it would be apparent it
> that had happened. We are not talking about national security here!

I don't think that PGP signing software distributions is "over the top",
not anymore anyway. Just witness the recent OpenSSH debacle. Really,
once Philip gets set up and comfortable using gpg (or whatever) it will
only take a few minutes each time he creates a release, plus a little
time here and there maintaining his keys.

Of course, right now I'd rather see him finish the new edition of the
book, but hopefully after that he'll find some time to sit down and play
with PGP signing future releases.

Jeff




Aquest missatge es va enviar a les següents llistes de correu:
Exim-users
Informació sobre la llista de correu | Missatges propers		<-Re: [Exim] retry timeout exceededRe: [Exim] step by step guide->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)