| From: | "Marc G(dot) Fournier" <scrappy(at)hub(dot)org> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Greg Copeland <greg(at)CopelandConsulting(dot)Net>, Curt Sampson <cjs(at)cynic(dot)net>, PostgresSQL Hackers Mailing List <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: PGP signing release |
| Date: | 2003-02-12 04:55:28 |
| Message-ID: | 20030212005308.J43952@hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, 11 Feb 2003, Bruce Momjian wrote:
>
> I hate to poo-poo this, but this "web of trust" sounds more like a "web
> of confusion". I liked the idea of mentioning the MD5 in the email
> announcement. It doesn't require much extra work, and doesn't require a
> 'web of %$*&" to be set up to check things. Yea, it isn't as secure as
> going through the motions, but if someone breaks into that FTP server
> and changes the tarball and MD5 file, we have much bigger problems than
> someone modifying the tarballs; our CVS is on that machine too.
Its so rare that it happens, but I do agree with Bruce :)
Justin, one thought ... storing the MD5s in the database for the
postgresql.org site, so that ppl can compare the two places? We'd
*really* have to be compromised for that to fail, but adding the md5s
would be easy enough ...
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dann Corbit | 2003-02-12 04:58:50 | Re: [HACKERS] PostgreSQL Tuning Results |
| Previous Message | Christopher Kings-Lynne | 2003-02-12 04:53:49 | PostgreSQL Tuning Results |