| From: | Rod Taylor <rbt(at)rbt(dot)ca> |
|---|---|
| To: | Kurt Roeckx <Q(at)ping(dot)be> |
| Cc: | Curt Sampson <cjs(at)cynic(dot)net>, Greg Copeland <greg(at)CopelandConsulting(dot)Net>, "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>, Neil Conway <neilc(at)samurai(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: PGP signing releases |
| Date: | 2003-02-04 18:02:05 |
| Message-ID: | 1044381725.80167.48.camel@jester |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, 2003-02-04 at 12:55, Kurt Roeckx wrote:
> On Tue, Feb 04, 2003 at 01:35:47PM +0900, Curt Sampson wrote:
> > On Mon, 3 Feb 2003, Kurt Roeckx wrote:
> >
> > > I'm not saying md5 is as secure as pgp, not at all, but you can't
> > > trust those pgp keys to be the real one either.
> >
> > Sure you can. Just verify that they've been signed by someone you trust.
>
> I know how it works, it's just very unlikely I'll ever meet
> someone so it gives me a good chain.
>
> Anyway, I think pgp is good thing to do, just don't assume that
> it's always better then just md5.
Not necessarily better -- but it's always as good as md5.
--
Rod Taylor <rbt(at)rbt(dot)ca>
PGP Key: http://www.rbt.ca/rbtpub.asc
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Steve Crawford | 2003-02-04 18:04:11 | Re: PGP signing releases |
| Previous Message | Kurt Roeckx | 2003-02-04 17:55:20 | Re: PGP signing releases |