Home > mailing lists

Re: PGP signing releases - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: PGP signing releases
Date	February 10, 2003 17:02:56
Msg-id	Pine.LNX.4.44.0302101523510.6138-100000@peter.localdomain Whole thread Raw
In response to	Re: PGP signing releases (Curt Sampson <cjs@cynic.net>)
Responses	Re: PGP signing releases
List	pgsql-hackers

Tree view

Curt Sampson writes:

> MD5, or any other unsigned check, makes sense from a security point of
> view only if it is stored independently from the thing you are checking.

So you put the MD5 sum into the release announcement email.  That is
downloaded by many people and also archived in many distributed places
that we don't control, so it would be very hard to tamper with.  ISTM that
this gives you the same result as a PGP signature but with much less
administrative overhead.

-- 
Peter Eisentraut   peter_e@gmx.net

pgsql-hackers by date:

From: Peter Eisentraut
Date: 10 February 2003, 16:57:50
Subject: Re: pg_dump is broken by recent privileges changes

From: Peter Eisentraut
Date: 10 February 2003, 17:03:23
Subject: Re: 7.2 -> 7.3 incompatibility

Re: PGP signing releases - Mailing list pgsql-hackers

Previous

Next