Home > mailing lists

Re: PGP signing releases - Mailing list pgsql-hackers

From	Curt Sampson
Subject	Re: PGP signing releases
Date	February 4, 2003 19:28:08
Msg-id	Pine.NEB.4.51.0302050925190.561@angelic.cynic.net Whole thread Raw
In response to	Re: PGP signing releases (Greg Copeland <greg@CopelandConsulting.Net>)
Responses	Re: PGP signing releases
List	pgsql-hackers

Tree view

On Tue, 2003-02-04 at 16:13, Kurt Roeckx wrote:
> On Tue, Feb 04, 2003 at 02:04:01PM -0600, Greg Copeland wrote:
> >
> > Even improperly used, digital signatures should never be worse than
> > simple checksums.  Having said that, anyone that is trusting checksums
> > as a form of authenticity validation is begging for trouble.
>
> Should I point out that a "fingerprint" is nothing more than a
> hash?

Since someone already mentioned MD5 checksums of tar files versus PGP
key fingerprints, perhaps things will become a bit clearer here if I
point out that the important point is not that these are both hashes of
some data, but that the time and means of acquisition of that hash are
entirely different between the two.

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 90 7737 2974   http://www.netbsd.org   Don't you know, in this new Dark Age, we're
alllight.  --XTC

pgsql-hackers by date:

From: Greg Copeland
Date: 04 February 2003, 19:19:53
Subject: Re: PGP signing releases

From: "Christopher Kings-Lynne"
Date: 04 February 2003, 20:38:44
Subject: Re: [GENERAL] HELP NEEDED: Recreating DROP columns

Re: PGP signing releases - Mailing list pgsql-hackers

Previous

Next