httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <>
Subject Re: pgp KEYS
Date Fri, 06 Jun 1997 20:06:28 GMT
> On Fri, 6 Jun 1997, Jim Jagielski wrote:
> > We should have the KEYS file available within an easy-click's reach
> > on the page, for people to be able to pgp check the binary
> > builds... Should't we?
> I still am somewhat confused by how it's being used.  I admit to not using PGP
> on a regular basis, but what is it in the .asc file that shows that it's Randy
> who signed it?  And why is a simple md5 hash not sufficient, if what we're
> trying to prove is integrity? (i.e. "md5 apache_1.2.0.tar.gz >
> apache_1.2.0.tar.gz.md5") 

For the A/UX and FreeBSD 2.2 files, I simply signed the entire package
and create ascii armor for it (the .asc files). The README states that
my key should be used, so those with pgp should be able to verify
that the file and the key both jive, thus indicating that _I_ really
and truly signed it.

      Jim Jagielski            |       jaguNET Access Services           |
            "Look at me! I'm wearing a cardboard belt!"

View raw message