Date: Wed, 9 Oct 2002 13:16:37 -0700 From: Claus Assmann <freebsd+security@esmtp.org> To: security@FreeBSD.ORG Subject: Re: Am I downloading what I think I am (was Re: I doubt that this affects FreeBSD, but FYI Message-ID: <20021009131637.A15913@zardoc.esmtp.org> In-Reply-To: <5.1.1.6.0.20021009154208.05e43d98@marble.sentex.ca>; from mike@sentex.net on Wed, Oct 09, 2002 at 03:54:27PM -0400 References: <20021009193436.GF84472@xor.obsecurity.org> <A87611A0-DB29-11D6-8AF4-003065479A66@infospace.com> <4.3.2.7.2.20021008174734.029e9e00@localhost> <A87611A0-DB29-11D6-8AF4-003065479A66@infospace.com> <5.1.1.6.0.20021009130608.0655d7f8@marble.sentex.ca> <20021009193436.GF84472@xor.obsecurity.org> <20021009193602.GG84472@xor.obsecurity.org> <5.1.1.6.0.20021009154208.05e43d98@marble.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Oct 09, 2002, Mike Tancsa wrote: > Sorry, I should have been more clear. I was speaking more to the > general issue of a user downloading both the binary and checksum from the > same source as is / was the case with ftp.sendmail.org. For sendmail the MD5 sums are in the PGP signed announcements. If you can verify the PGP signature of the announcements and you can "trust" the PGP key, then you're as safe as if you do the same check for the PGP signature of the tar file itself. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021009131637.A15913>