Quick Links

Re: PGP signing releases

From:	Greg Copeland <greg(at)CopelandConsulting(dot)Net>
To:	"Marc G(dot) Fournier" <scrappy(at)hub(dot)org>
Cc:	Neil Conway <neilc(at)samurai(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: PGP signing releases
Date:	2003-02-03 18:24:14
Message-ID:	1044296653.2788.55.camel@mouse.copelandconsulting.net
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Sun, 2003-02-02 at 20:23, Marc G. Fournier wrote:

> right, that is why we started to provide md5 checksums ...

md5 checksums only validate that the intended package (trojaned or
legit) has been properly received. They offer nothing from a security
perspective unless the checksums have been signed with a key which can
be readily validated from multiple independent sources.

Regards,

--
Greg Copeland <greg(at)copelandconsulting(dot)net>
Copeland Computer Consulting

In response to

Re: PGP signing releases at 2003-02-03 02:23:14 from Marc G. Fournier

Responses

Re: PGP signing releases at 2003-02-03 19:55:03 from Kurt Roeckx

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Rod Taylor	2003-02-03 18:34:20	Re: Win32 Powerfail testing - results
Previous Message	Katie Ward	2003-02-03 17:54:10	Re: Win32 Technical Questions