From: | Curt Sampson <cjs(at)cynic(dot)net> |
---|---|
To: | Kurt Roeckx <Q(at)ping(dot)be> |
Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: PGP signing releases |
Date: | 2003-02-05 00:27:58 |
Message-ID: | Pine.NEB.4.51.0302050925190.561@angelic.cynic.net |
Lists: | pgsql-hackers |

On Tue, 2003-02-04 at 16:13, Kurt Roeckx wrote:
> On Tue, Feb 04, 2003 at 02:04:01PM -0600, Greg Copeland wrote:
> >
> > Even improperly used, digital signatures should never be worse than
> > simple checksums. Having said that, anyone that is trusting checksums
> > as a form of authenticity validation is begging for trouble.
>
> Should I point out that a "fingerprint" is nothing more than a
> hash?

Since someone already mentioned MD5 checksums of tar files versus PGP
key fingerprints, perhaps things will become a bit clearer here if I
point out that the important point is not that these are both hashes of
some data, but that the time and means of acquisition of that hash are
entirely different between the two.

cjs
--
Curt Sampson <cjs(at)cynic(dot)net> +81 90 7737 2974 http://www.netbsd.org
Don't you know, in this new Dark Age, we're all light. --XTC