httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <>
Subject Re: pgp KEYS
Date Fri, 06 Jun 1997 19:02:11 GMT
Brian Behlendorf wrote:
> On Fri, 6 Jun 1997, Jim Jagielski wrote:
> > We should have the KEYS file available within an easy-click's reach
> > on the page, for people to be able to pgp check the binary
> > builds... Should't we?
> I still am somewhat confused by how it's being used.  I admit to not using PGP
> on a regular basis, but what is it in the .asc file that shows that it's Randy
> who signed it?

I haven't looked at the file, but assuming its a standard PGP signature, the
signature itself says whose it is.

>  And why is a simple md5 hash not sufficient, if what we're
> trying to prove is integrity? (i.e. "md5 apache_1.2.0.tar.gz >
> apache_1.2.0.tar.gz.md5") 

Because we're trying to prove that it hasn't been tampered with. So a signature
is required.



Ben Laurie                Phone: +44 (181) 994 6435  Email:
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL:
A.L. Digital Ltd,         Apache Group member (
London, England.          Apache-SSL author

View raw message