Re: PGP signing releases
Greg Copeland <greg@copelandconsulting.net>
From: Greg Copeland <greg@CopelandConsulting.Net>
To: "Marc G. Fournier" <scrappy@hub.org>
Cc: Neil Conway <neilc@samurai.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2003-02-03T18:24:14Z
Lists: pgsql-hackers
On Sun, 2003-02-02 at 20:23, Marc G. Fournier wrote: > right, that is why we started to provide md5 checksums ... md5 checksums only validate that the intended package (trojaned or legit) has been properly received. They offer nothing from a security perspective unless the checksums have been signed with a key which can be readily validated from multiple independent sources. Regards, -- Greg Copeland <greg@copelandconsulting.net> Copeland Computer Consulting