Re: location of md5 files ...

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Josh Berkus <josh(at)postgresql(dot)org>, PostgreSQL www <pgsql-www(at)postgresql(dot)org>
Subject: Re: location of md5 files ...
Date: 2009-12-16 16:14:22
Message-ID: 1260980062.3310.14.camel@fsopti579.F-Secure.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-www

On mån, 2009-12-14 at 17:00 -0300, Alvaro Herrera wrote:
> Magnus Hagander wrote:
> > Yes.
> >
> > Ideally, we should serve up the MD5s from an SSL enabled webserver.
> > Something to think about for the future.
>
> Shouldn't we distribute the MD5 signatures along the release message,
> which should itself be signed with some appropriate GPG key?

Someone was doing this a while ago on their own.

But the usual argument for the md5 files in the past was to catch
download mistakes, not security.

In response to

Responses

Browse pgsql-www by date

  From Date Subject
Next Message webmaster 2009-12-17 14:00:01 PostgreSQL moderation report: 2009-12-17
Previous Message Dan Langille 2009-12-16 15:43:04 Re: pgcon.org?