Re: PGP signing releases

From: Kurt Roeckx <Q(at)ping(dot)be>
To: Curt Sampson <cjs(at)cynic(dot)net>
Cc: Greg Copeland <greg(at)CopelandConsulting(dot)Net>, "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>, Neil Conway <neilc(at)samurai(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PGP signing releases
Date: 2003-02-04 17:55:20
Message-ID: 20030204175520.GA256@ping.be
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, Feb 04, 2003 at 01:35:47PM +0900, Curt Sampson wrote:
> On Mon, 3 Feb 2003, Kurt Roeckx wrote:
>
> > I'm not saying md5 is as secure as pgp, not at all, but you can't
> > trust those pgp keys to be the real one either.
>
> Sure you can. Just verify that they've been signed by someone you trust.

I know how it works, it's just very unlikely I'll ever meet
someone so it gives me a good chain.

Anyway, I think pgp is good thing to do, just don't assume that
it's always better then just md5.

Kurt

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Rod Taylor 2003-02-04 18:02:05 Re: PGP signing releases
Previous Message Jon Jensen 2003-02-04 17:36:23 Re: POSIX regex performance bug in 7.3 Vs. 7.2