httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: pgp KEYS
Date Fri, 06 Jun 1997 19:02:11 GMT
Brian Behlendorf wrote:
> 
> On Fri, 6 Jun 1997, Jim Jagielski wrote:
> > We should have the KEYS file available within an easy-click's reach
> > on the page, for people to be able to pgp check the binary
> > builds... Should't we?
> 
> I still am somewhat confused by how it's being used.  I admit to not using PGP
> on a regular basis, but what is it in the .asc file that shows that it's Randy
> who signed it?

I haven't looked at the file, but assuming its a standard PGP signature, the
signature itself says whose it is.

>  And why is a simple md5 hash not sufficient, if what we're
> trying to prove is integrity? (i.e. "md5 apache_1.2.0.tar.gz >
> apache_1.2.0.tar.gz.md5") 

Because we're trying to prove that it hasn't been tampered with. So a signature
is required.

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author

Mime
View raw message