| From: | Dave Page <dpage(at)pgadmin(dot)org> |
|---|---|
| To: | Josh Berkus <josh(at)postgresql(dot)org> |
| Cc: | PostgreSQL www <pgsql-www(at)postgresql(dot)org> |
| Subject: | Re: location of md5 files ... |
| Date: | 2009-12-14 19:59:16 |
| Message-ID: | 937d27e10912141159q16a13c0of96fdf9d8cb9bafb@mail.gmail.com |
| Lists: | pgsql-www |
On Mon, Dec 14, 2009 at 7:23 PM, Josh Berkus <josh(at)postgresql(dot)org> wrote:
> WWW team,
>
> Does Otto have a point?

Yes. From a security perspective, the md5's are useless when
distributed alongside the binaries. That's why I GPG sign my releases
of pgAdmin and the MSI installer - no one else can recreate those
signatures.

There is potentially some benefit to having them there to allow the
user to verify they have a good download though, for example, in the
event of an error untarring.

--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com
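
The distinction drawn in the message above, as an added example that is not part of the original e-mail: a checksum stored beside the file catches a damaged transfer but not a replaced file, while a value the server cannot regenerate catches both. A SHA-256 digest obtained out of band stands in here for the GPG signature check, because Python's standard library has no signature verification; the file name and contents are constructed.

```python
import hashlib

# Constructed sample data standing in for a release tarball (hypothetical name).
NAME = "example-1.0.tar.gz"
RELEASE = b"constructed release tarball contents v1.0\n" * 64


def md5_line(name, data):
    """Return a line in md5sum's '<hex>  <name>' format."""
    return f"{hashlib.md5(data).hexdigest()}  {name}\n"


def sidecar_md5_ok(files, name):
    """Compare the tarball with the .md5 file fetched from the same location."""
    expected = files[name + ".md5"].split()[0]
    return hashlib.md5(files[name]).hexdigest() == expected


def trusted_digest_ok(files, name, trusted_sha256):
    """Compare the tarball with a digest obtained outside the download location."""
    return hashlib.sha256(files[name]).hexdigest() == trusted_sha256


def assess(files, name, trusted_sha256):
    """Run both checks and report which ones pass."""
    return {
        "sidecar_md5": sidecar_md5_ok(files, name),
        "trusted": trusted_digest_ok(files, name, trusted_sha256),
    }


# Assumption: this digest reaches the user by a channel the file server does not
# control, which is the property a GPG signature provides.
TRUSTED_SHA256 = hashlib.sha256(RELEASE).hexdigest()

# Download location as published: tarball plus its .md5 file.
clean = {NAME: RELEASE, NAME + ".md5": md5_line(NAME, RELEASE)}

# Transfer error: the tarball arrives truncated, the small .md5 file arrives intact.
truncated = {NAME: RELEASE[:1000], NAME + ".md5": clean[NAME + ".md5"]}

# Replaced file: whoever can change the tarball can regenerate the .md5 beside it.
altered = RELEASE + b"constructed extra bytes\n"
replaced = {NAME: altered, NAME + ".md5": md5_line(NAME, altered)}

if __name__ == "__main__":
    for label, files in (("clean", clean), ("truncated", truncated), ("replaced", replaced)):
        print(label, assess(files, NAME, TRUSTED_SHA256))
```

Only the replaced case separates the two checks: the sidecar MD5 still matches, and the out-of-band digest does not.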