From: | Greg Stark <gsstark(at)mit(dot)edu> |
---|---|
To: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Josh Berkus <josh(at)postgresql(dot)org>, PostgreSQL www <pgsql-www(at)postgresql(dot)org> |
Subject: | Re: location of md5 files ... |
Date: | 2009-12-14 21:56:59 |
Message-ID: | 407d949e0912141356y7a7ca502i104b6ea8fec609a4@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-www |
On Mon, Dec 14, 2009 at 8:00 PM, Alvaro Herrera
<alvherre(at)commandprompt(dot)com> wrote:
>> Ideally, we should serve up the MD5s from an SSL enabled webserver.
>> Something to think about for the future.
>
> Shouldn't we distribute the MD5 signatures along the release message,
> which should itself be signed with some appropriate GPG key?
That sounds right to me. Even if it's not signed I can go check the
various mail archives to verify that other people saw the same
signatures and nobody else complained about a spoofed file.
--
greg
From | Date | Subject | |
---|---|---|---|
Next Message | Lacey Powers | 2009-12-15 08:14:33 | Re: archives and search.pg.org scheduled maintenance |
Previous Message | Alvaro Herrera | 2009-12-14 20:00:58 | Re: location of md5 files ... |