httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sameer <>
Subject Re: [STATUS] Tue Jun 3 13:32:51 EDT 1997
Date Tue, 03 Jun 1997 19:16:24 GMT
> Marc Slemko wrote:
> > Oh, and even if we don't start signing releases we should provide a md5
> > hash on the web site for all source and binaries.  Easy to make, easy to
> > verify, lets someone download from a mirror and then just verify the hash
> > with the main site, etc.
> I've been thinking about signing. I think we should circulate the keys of the
> developers with the source. The MD5 hashes of the distribution can be detached
> signed by as many developers as can be bothered, and those signatures rolled
> into the final release.
> If there's agreement, I'd suggest we create a KEYS file at the top of the CVS
> repository, and sling our keys into it. We should also create a signatures
> directory, which is where we put our signatures and the MD5 hashes. Signature
> files would be named with the email address of the signer. 

	I agree.

> This would have an
> incidental side-effect of signing the CVS source tree at particular points,
> BTW.

	I am confused on this point, I don't understand.

Sameer Parekh					Voice:   510-986-8770
President					FAX:     510-986-8777

View raw message