-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Eitan Adler wrote:
> Correct me if I'm wrong but I thought that svn did its own checksumming.
> If so why do we need to our own?

"In God we trust, everyone else must have an X.509 certificate."

Well, that's not necessarily be a X.509 certificate but it must be some
form of signature, as it's not too hard to replace a specific revision
in svn if the server gets compromised.

Cheers,
- --
Xin LI <delp...@delphij.net>    http://www.delphij.net/
FreeBSD - The Power to Serve!          Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (FreeBSD)

iEYEARECAAYFAkr5tssACgkQi+vbBBjt66BdpACdH5+RSlwKN10x8MiGFYiuX0dL
L94An1N1uYCFUYJo0f0U2jZgqRK7emo1
=jFoS
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Reply via email to