On Mon, Dec 14, 2009 at 8:00 PM, Alvaro Herrera
>> Ideally, we should serve up the MD5s from an SSL enabled webserver.
>> Something to think about for the future.
> Shouldn't we distribute the MD5 signatures along the release message,
> which should itself be signed with some appropriate GPG key?
That sounds right to me. Even if it's not signed I can go check the
various mail archives to verify that other people saw the same
signatures and nobody else complained about a spoofed file.
In response to
pgsql-www by date
|Next:||From: Lacey Powers||Date: 2009-12-15 08:14:33|
|Subject: Re: archives and search.pg.org scheduled maintenance|
|Previous:||From: Alvaro Herrera||Date: 2009-12-14 20:00:58|
|Subject: Re: location of md5 files ...|