-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Considering that this is a security-related system catalog update, is
> there any way of providing some sort of signature for a message like
> this such that the community can feel that issuing some arcane commands
> as a superuser won't open a hole rather than close one?
An excellent point. Ideally someone (Tom) would be using GnuPG to sign
important messages like this with a digital signature. However, there are
a few checks one could do until that happens. One, compare his headers with
previous ones. Second, check the page at www.postgresql.org for a matching
announcement. Third, wait five minutes for the real Tom Lane to denounce any
fake email sent in his name. :)
If it makes you feel better, I'm 100% sure that was a legitimate email, and
I am going to sign this. :)
- --
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200505040739
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
-----BEGIN PGP SIGNATURE-----
iD8DBQFCeLTwvJuQZxSWSsgRAtACAKDvyylXy1MliqSs8Jsoz7XicXmBagCgoprg
qKPTIVv55E3ne19OGvtOTHM=
=IFvp
-----END PGP SIGNATURE-----
