Re: PGP signing releases
Marc G. Fournier <scrappy@hub.org>
From: "Marc G. Fournier" <scrappy@hub.org>
To: Neil Conway <neilc@samurai.com>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2003-02-03T02:23:14Z
Lists: pgsql-hackers
On Sun, 2 Feb 2003, Neil Conway wrote: > Folks, > > I think we should PGP sign all the "official" packages that are provided > for download from the various mirror sites. IMHO, this is important > because: > > - ensuring that end users can trust PostgreSQL is an important part to > getting the product used in mission-critical applications, as I'm sure > you all know. Part of that is producing good software; another part is > ensuring that users can trust that the software we put out hasn't been > tampered with. right, that is why we started to provide md5 checksums ... > I'd volunteer to do the work myself, except that it's pretty closely > intertwined with the release process itself... well, if you want to tell me the steps, I'll consider it ...