httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dirk.vanGulik" <Dirk.vanGu...@jrc.it>
Subject Re: 1.2.1
Date Sun, 06 Jul 1997 17:13:03 GMT
> > Randy Terbush wrote:
> > > I agree that md5 is probably sufficient for our purposes. 
> > > Perhaps the crypto-heads can convince me of the advantages of using 
> > > PGP.
> > 
> > It allows people to check for tampered-with source on mirrors.
> 
> md5 lets you do that too, and is the main reason I would use it if I were
> a user.
> 
> Get the md5 hash from the main site, get the tarball from a closer mirror,
> compare the hashes.  Much easier for me on OSes with md5 already installed
> than installing pgp, getting the keys, etc, etc. 
> 
I'd agree here; just put the md5's on the webpages of both the
mastersite and the mirrors; and make them quite visible; perhaps
even with a statement like

	<blockquote>
	<pre>% md5 <a href="tarball.tar.gz">tarball.tar.gz</a>
	MD5 (tarball.tar.gz) = f9d82524dad2972d262905839404bab9
	% 
	</pre>
	</blockquote>

:-)
Dw.

Mime
View raw message