On Thu, 15 Jul 2004, Noel J. Bergman <[EMAIL PROTECTED]> wrote: >> I tend to disagree with your assertion that PGP signtures are less >> important than MD5 signatures. But then again, given how badly >> connected the PGP keys used to sign most Jakarta releases are, you >> are probably correct. A signature by a key that hasn't been signed >> by anybody else isn't much better than a MD5 hash. > > Perhaps, but PGP signatures are better,
See my first sentence in the paragraph you quoted 8-) > and there are things happen to improve the ASF WoT, such as our own > CA server. Yep, but right now they are not really better than MD5 hashes. Stefan --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]