httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: [VOTE] release httpd mod_fcgid-2.3.1?
Date Wed, 16 Sep 2009 05:49:29 GMT
Rainer Jung wrote:
> Some people seem to indicate, that the implementation of pgp is safer,
> on the other hand md5sum etc. have a builtin check option (-c), so you
> can run them directly against the checksum file to compares the checksum
> in the checksum file with a freshly computed checksum of the base file.
> This seems handy to me. It looks like gpg is not able to do that, i.e.
> you have to compare the sums by staring at them. Of course with gpg you
> can check using the signature file.

That is frustrating.  I wish we didn't illustrate it in our
scripts :(  But a SHA1 or MD5 or whatever result is a specific value, the
"Safety" argument is complete drivel (and I didn't complete it, either).

I regenerated all the mod_fcgid .md5/sha1 artifacts and then verified they
had not changed.  This was necessary anyways due to the -beta rename, and
I'll be doing the same for mod_ftp if we get that far.

View raw message