On Mon, Dec 14, 2009 at 7:23 PM, Josh Berkus <josh(at)postgresql(dot)org> wrote:
> WWW team,
> Does Otto have a point?
Yes. From a security perspective, the md5's are useless when
distributed alongside the binaries. That's why I GPG sign my releases
of pgAdmin and the MSI installer - noone else can recreate those
There is potentially some benefit to having them there to allow the
user to verify they have a good download though, for example, in the
event of an error untarring.
EnterpriseDB UK: http://www.enterprisedb.com
In response to
pgsql-www by date
|Next:||From: Magnus Hagander||Date: 2009-12-14 19:59:24|
|Subject: Re: location of md5 files ...|
|Previous:||From: Josh Berkus||Date: 2009-12-14 19:23:18|
|Subject: location of md5 files ...|