httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <>
Subject Re: Signatures, and sealing wax, and..
Date Tue, 12 Aug 1997 17:06:27 GMT
On Tue, 12 Aug 1997, Rodent of Unusual Size wrote:

> >>     4. Compressed tarchives should have accompanying .md5 *and* .asc
> >>        (PGP) signature files available.  (Yes, Ben, I know it's not as
> >>        good as signing the uncompressed tarchive, but it means people
> >>        can verify what they copy from the site w/o having to uncompress
> >>        it first.)
> >
> >Erm... I don't think this is practical for the binary releases.
>     Why not?  Which part is impractical?  It's something resembling what
>     we did for 1.2.0..

Only the person building the release can sign it and give any guarantee of
safety.  Not everyone who builds binary releases uses PGP.  The source
file is common, so anyone can verify it and sign it.  The binary releases

> >>     5. src/Configuration should use the platform's native cc(1) if it's
> >>        considered good, and *not* gcc - unless the native cc is suspect
> >>        or downright broken (HP-UX, can you hear me calling? ;-).
> >
> >I don't see the point in this.
>     Lots of people on this list like, prefer, and use gcc (observation).
>     But we're software goons and don't mind switching compilers at need.
>     I don't think it's fair to require someone to install Yet Another
>     Package just to compile according to *our* preferences, esp. if the
>     bundled compiler does an adequate job.  Lowest common denominator.
>     If someone doesn't have gcc installed, it is not the most trivial
>     nor briefest installation in the world.  Let's not make it a
>     requirement to reproduce our work.

The native cc and bundled cc are two different things.  Most platforms
don't have a bundled cc but do have a vendor cc available.  No one is
forcing anyone to use our preferences; if they want the binary, they get
the binary.  If they want to compile it themself, they compile it
themself.  The Configuration file should be messed with as little as
possible.  Whatever Configure decides it wants to use, my opinion is you
should let it unless you know it is broken in some way.

View raw message