At 04:46 PM 04/17/2001, [EMAIL PROTECTED] wrote:
>Well, it probably should be signed. The public key can then be
>grabbed from the issuer to verify authenticity. I don't think that
>(I assume they're public) keys should present any security problem
>as long as the key matches the official public key.
The point was that verifying a distribution's signature against a
public key contained in the distribution is pointless. At that
point, you may as well not have had it signed in the first place,
since if someone made their own distribution, they could have put the
key they were going to use in the distribution.
--
Greg Marr
[EMAIL PROTECTED]
"We thought you were dead."
"I was, but I'm better now." - Sheridan, "The Summoning"
