httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject Re: Fwd: 1.3.1 missing pgp signature
Date Sat, 25 Jul 1998 23:14:43 GMT
David Southwell wrote:
> 
> Going back to basics can someone spell out for me and other
> comparative newcomers:

The issues are common to many, if not most, forms of software
distribution over the net.

> 1. what benefits are gained by using the key.
> 2. why it is always essential to  use it

The answers to these are the same.  By having a trusted person
sign a release, and have both the signature and the signer's
public key available online in a secure location, someone who
downloads the tarball - regardless of from where - can check the
signature against what it's supposed to be and be assured that
what he's gotten is what the signer approved.

Think of it as a very secure form of checksumming, for integrity
assurance.

#ken	P-)}

Ken Coar                    <http://Web.Golux.Com/coar/>
Apache Group member         <http://www.apache.org/>
"Apache Server for Dummies" <http://Web.Golux.Com/coar/ASFD/>

Mime
View raw message