Re: PGP signing releases
Andrew Dunstan <andrew@dunslane.net>
From: "Andrew Dunstan" <andrew@dunslane.net>
To: "Kurt Roeckx" <Q@ping.be>
Cc: "PostgreSQL Hackers" <pgsql-hackers@postgresql.org>
Date: 2003-02-05T01:40:57Z
Lists: pgsql-hackers
----- Original Message ----- From: "Kurt Roeckx" <Q@ping.be> > > Should I point out that a "fingerprint" is nothing more than a > hash? > If somebody shows you their passport to prove who they are and then gives you a fingerprint of their PGP key, they have implicitly signed that fingerprint. By contrast, a simple MD5 checksum of a binary sitting on the same server is effectively unsigned. You might like to do a little reading on PKI and how it works, before you make further comment. cheers andrew