httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <>
Subject Re: 1.2.1
Date Sun, 06 Jul 1997 17:34:20 GMT
On Sun, 6 Jul 1997, Rodent of Unusual Size wrote:

> >From the fingers of Marc Slemko flowed the following:
> >
> >> It allows people to check for tampered-with source on mirrors.
> >
> >md5 lets you do that too, and is the main reason I would use it if I were
> >a user.
> >
> >Get the md5 hash from the main site, get the tarball from a closer mirror,
> >compare the hashes.  Much easier for me on OSes with md5 already installed
> >than installing pgp, getting the keys, etc, etc. 
>     So?  It's easier for *you*, but it's not easier for *me*.  My system
>     doesn't have md5, but it does have PGP.
>     So let's sign it both ways.  MD5 says, "file a is the same as file
>     b;" PGP says, "file a is the same as file b, and Joe Bonehead
>     attests to the validity of file a."
>     Downloaders that care can use whichever method they like.

I've PGP signed apache_1.2.1.tar  and created dist/apache_1.2.1.tar.asc
according to Ben's instructions.

View raw message