Re: PGP signing releases
Rod Taylor <rbt@rbt.ca>
From: Rod Taylor <rbt@rbt.ca>
To: Kurt Roeckx <Q@ping.be>
Cc: Curt Sampson <cjs@cynic.net>, Greg Copeland <greg@CopelandConsulting.Net>, "Marc G. Fournier" <scrappy@hub.org>, Neil Conway <neilc@samurai.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2003-02-04T18:02:05Z
Lists: pgsql-hackers
On Tue, 2003-02-04 at 12:55, Kurt Roeckx wrote: > On Tue, Feb 04, 2003 at 01:35:47PM +0900, Curt Sampson wrote: > > On Mon, 3 Feb 2003, Kurt Roeckx wrote: > > > > > I'm not saying md5 is as secure as pgp, not at all, but you can't > > > trust those pgp keys to be the real one either. > > > > Sure you can. Just verify that they've been signed by someone you trust. > > I know how it works, it's just very unlikely I'll ever meet > someone so it gives me a good chain. > > Anyway, I think pgp is good thing to do, just don't assume that > it's always better then just md5. Not necessarily better -- but it's always as good as md5. -- Rod Taylor <rbt@rbt.ca> PGP Key: http://www.rbt.ca/rbtpub.asc