httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: 1.2.1
Date Sun, 06 Jul 1997 16:55:48 GMT
Marc Slemko wrote:
> 
> On Sun, 6 Jul 1997, Ben Laurie wrote:
> 
> > Randy Terbush wrote:
> > > I agree that md5 is probably sufficient for our purposes. 
> > > Perhaps the crypto-heads can convince me of the advantages of using 
> > > PGP.
> > 
> > It allows people to check for tampered-with source on mirrors.
> 
> md5 lets you do that too, and is the main reason I would use it if I were
> a user.
> 
> Get the md5 hash from the main site, get the tarball from a closer mirror,
> compare the hashes.  Much easier for me on OSes with md5 already installed
> than installing pgp, getting the keys, etc, etc. 

Hmmm ... OK - so lets add an MD5 hash to the signature file. For Apache-SSL,
I actually sign the MD5s of the component files..

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author

Mime
View raw message