httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <>
Subject Re: Bad key from your id on Apache Windows Binary
Date Mon, 05 Mar 2007 20:03:38 GMT

On 03/05/2007 05:12 PM, Joshua Slive wrote:

> In general, for the average downloader, establishing a trust
> relationship to the signer is going to be pretty difficult.  If you
> trust, then just verifying the md5 signature is enough.  If

As discussed in different places (not sure whether on or md5 can be only seen as some sort of checksum today
to find transmission errors. It is not really useful any longer to detect
deliberate changes of the files.

> you don't trust (and really, you shouldn't), you'll need to
> find some out-of-band way to verify either the md5 or the pgp key.

At least obtaining the KEYS file via


should increase the trust in the KEYS file and it contents (provided that
our repository has not been hacked).



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message