incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Shahaf <...@daniel.shahaf.name>
Subject Re: key signing
Date Thu, 11 Oct 2012 01:06:15 GMT
Ian Holsman wrote on Thu, Oct 11, 2012 at 10:53:11 +1100:
> 
> On Oct 11, 2012, at 10:44 AM, Greg Stein <gstein@gmail.com> wrote:
> 
> > 
> > (assume secure Infrastructure)
> 
> That's a pretty big assumption isn't it?
> There have been public instances where open source infrastructures have been hacked,
and releases have been messed with. 
> 
> I think keys removes the need for the assumption. 

Signatures also allow verifying "whoever signed <this> tarball is the
same person who signed the previous tarball".  Hash functions don't do
that.

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message