Re: PGP signing releases

Andrew Dunstan <andrew@dunslane.net>

From: "Andrew Dunstan" <andrew@dunslane.net>
To: "Kurt Roeckx" <Q@ping.be>
Cc: "PostgreSQL Hackers" <pgsql-hackers@postgresql.org>
Date: 2003-02-05T01:40:57Z
Lists: pgsql-hackers
----- Original Message -----
From: "Kurt Roeckx" <Q@ping.be>
>
> Should I point out that a "fingerprint" is nothing more than a
> hash?
>

If somebody shows you their passport to prove who they are and then gives
you a fingerprint of their PGP key, they have implicitly signed that
fingerprint. By contrast, a simple MD5 checksum of a binary sitting on the
same server is effectively unsigned.

You might like to do a little reading on PKI and how it works, before you
make further comment.

cheers

andrew