| From: | Robert Treat <xzilla(at)users(dot)sourceforge(dot)net> |
|---|---|
| To: | pgsql-www(at)postgresql(dot)org |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Josh Berkus <josh(at)postgresql(dot)org> |
| Subject: | Re: location of md5 files ... |
| Date: | 2009-12-18 21:45:54 |
| Message-ID: | 200912181645.55556.xzilla@users.sourceforge.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
On Wednesday 16 December 2009 11:14:22 Peter Eisentraut wrote:
> On mån, 2009-12-14 at 17:00 -0300, Alvaro Herrera wrote:
> > Magnus Hagander wrote:
> > > Yes.
> > >
> > > Ideally, we should serve up the MD5s from an SSL enabled webserver.
> > > Something to think about for the future.
> >
> > Shouldn't we distribute the MD5 signatures along the release message,
> > which should itself be signed with some appropriate GPG key?
>
> Someone was doing this a while ago on their own.
>
Greg Mullane was the one who used to do it.
> But the usual argument for the md5 files in the past was to catch
> download mistakes, not security.
Yes, though it would be nice to see us worry about both.
--
Robert Treat
Conjecture: http://www.xzilla.net
Consulting: http://www.omniti.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Smith | 2009-12-19 07:50:03 | Re: Advertising on the community blog |
| Previous Message | Joshua D. Drake | 2009-12-18 21:33:41 | Re: Advertising on the community blog |