Skip site navigation (1) Skip section navigation (2)

Re: location of md5 files ...

From: Greg Stark <gsstark(at)mit(dot)edu>
To: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Josh Berkus <josh(at)postgresql(dot)org>, PostgreSQL www <pgsql-www(at)postgresql(dot)org>
Subject: Re: location of md5 files ...
Date: 2009-12-14 21:56:59
Message-ID: 407d949e0912141356y7a7ca502i104b6ea8fec609a4@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-www
On Mon, Dec 14, 2009 at 8:00 PM, Alvaro Herrera
<alvherre(at)commandprompt(dot)com> wrote:
>> Ideally, we should serve up the MD5s from an SSL enabled webserver.
>> Something to think about for the future.
>
> Shouldn't we distribute the MD5 signatures along the release message,
> which should itself be signed with some appropriate GPG key?

That sounds right to me. Even if it's not signed I can go check the
various mail archives to verify that other people saw the same
signatures and nobody else complained about a spoofed file.


-- 
greg

In response to

pgsql-www by date

Next:From: Lacey PowersDate: 2009-12-15 08:14:33
Subject: Re: archives and search.pg.org scheduled maintenance
Previous:From: Alvaro HerreraDate: 2009-12-14 20:00:58
Subject: Re: location of md5 files ...

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group