| From: | Greg Stark <gsstark(at)mit(dot)edu> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Josh Berkus <josh(at)postgresql(dot)org>, PostgreSQL www <pgsql-www(at)postgresql(dot)org> |
| Subject: | Re: location of md5 files ... |
| Date: | 2009-12-14 21:56:59 |
| Message-ID: | 407d949e0912141356y7a7ca502i104b6ea8fec609a4@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
On Mon, Dec 14, 2009 at 8:00 PM, Alvaro Herrera
<alvherre(at)commandprompt(dot)com> wrote:
>> Ideally, we should serve up the MD5s from an SSL enabled webserver.
>> Something to think about for the future.
>
> Shouldn't we distribute the MD5 signatures along the release message,
> which should itself be signed with some appropriate GPG key?
That sounds right to me. Even if it's not signed I can go check the
various mail archives to verify that other people saw the same
signatures and nobody else complained about a spoofed file.
--
greg
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Lacey Powers | 2009-12-15 08:14:33 | Re: archives and search.pg.org scheduled maintenance |
| Previous Message | Alvaro Herrera | 2009-12-14 20:00:58 | Re: location of md5 files ... |