httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sameer <>
Subject Re: [STATUS] Sun Apr 13 19:08:09 PDT 1997
Date Thu, 17 Apr 1997 19:44:56 GMT
> >
> >    Should we start this with 1.2?  Just for grins, I created a keypair
> >    for "The Apache Group", but it's unclear how to distribute the
> >    secret key (or to whom).  Via file on Taz..?
>     No comment from anyone; maybe it didn't make it to the list
>     properly?  (Or is it just too boring? ;-)

	When signing the dist you have to look at the thret model. If
you are protecting against someone breaking into taz and inserting a
security hole, you have to do more than sign the distribution. If you
are wanting mirror sites to be carrying the rel thing, then signing
works. If you want to just prevent corruption during the transfer, you
cna use ssl to distribute the distribution.

Sameer Parekh					Voice:   510-986-8770
President					FAX:     510-986-8777

View raw message