incubator-depot-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adam R. B. Jack" <aj...@trysybase.com>
Subject Re: MD5 Hash
Date Wed, 11 Feb 2004 16:27:03 GMT
> Basically the MD5 Hash does not need keys.
> [...]
> Also apache.org delivers a file named .asc

Ok, thanks, I get it now (I think.)

This explains some of the negative comments I've heard about MD5 then (it
not being too strong). I read on some, on one Apache list, that folks will
be ok with this being strong enough though. What will be tricky for us,
should we chose to attempt it, will be supporting mirrors yet using the
original MD5 from Apache...

Since ASC has keys, that ties in to the 'web of trust' that Apache is
working on, I think. Once on trusts a certain set of keys, those keys can be
used to verify others that are acquired, and those can be used to verify the
ASC. This is much harder to automate, but something we could aspire to...

regards,

Adam


Mime
View raw message