Date: Thu, 10 Oct 2002 12:31:24 +1300 (NZDT) From: Andrew McNaughton <andrew@scoop.co.nz> To: Erick Mechler <emechler@techometer.net> Cc: Mike Hoskins <mike@adept.org>, <security@FreeBSD.ORG> Subject: Re: md5 checksum server Message-ID: <20021010121731.O55435-100000@a2.scoop.co.nz> In-Reply-To: <20021009225932.GO10532@techometer.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 9 Oct 2002, Erick Mechler wrote: > :: Yes, PGP has been preferred to MD5 since its debut... So, how about a > :: similar setup for PGP signatures? :) It's interesting then that we use MD5 sums for ports. You might argue that the MD5 sum comes from a different source to the source tarball, but actually there's a lot of ports for which this is not the case. Obviously key management would become an issue, and probably the MD5 mechanism shoud be kept, but would it be worthwhile to add PGP signatures to ports? Andrew McNaughton To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021010121731.O55435-100000>