Skip site navigation (1) Skip section navigation (2)

Re: location of md5 files ...

From: Dave Page <dpage(at)pgadmin(dot)org>
To: Josh Berkus <josh(at)postgresql(dot)org>
Cc: PostgreSQL www <pgsql-www(at)postgresql(dot)org>
Subject: Re: location of md5 files ...
Date: 2009-12-14 19:59:16
Message-ID: 937d27e10912141159q16a13c0of96fdf9d8cb9bafb@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-www
On Mon, Dec 14, 2009 at 7:23 PM, Josh Berkus <josh(at)postgresql(dot)org> wrote:
> WWW team,
>
> Does Otto have a point?

Yes. From a security perspective, the md5's are useless when
distributed alongside the binaries. That's why I GPG sign my releases
of pgAdmin and the MSI installer - noone else can recreate those
signatures.

There is potentially some benefit to having them there to allow the
user to verify they have a good download though, for example, in the
event of an error untarring.

-- 
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com

In response to

pgsql-www by date

Next:From: Magnus HaganderDate: 2009-12-14 19:59:24
Subject: Re: location of md5 files ...
Previous:From: Josh BerkusDate: 2009-12-14 19:23:18
Subject: location of md5 files ...

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group