J. Andres Hall wrote:
>
> >>> This is an MD5 hash/checksum taken on the file openssl-0.9.1c.tar.gz and it
> >>> has nothing
> >>> to do with your compilation problems... It's a kind of guarantee that the
> file
> >>> hasn't been
> >>> modified.
> >>
> >> Not much of one, of course, since whoever modified it could also modify
> >> the MD5!
> >
> >Correct, the MD5 is actually intended to just let people quicky check wheter
> >some download/transfer errors occured. For real guarantee we should sign it
> >via PGP.
> > Ralf S. Engelschall
>
> Why would you use PGP to sign the source of an X.509-capable Package?
At least the first time you download it, perhaps you
don't have any X.509 software to verify it with?
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
