On Tue, 11 Feb 2003, Bruce Momjian wrote: > > I hate to poo-poo this, but this "web of trust" sounds more like a "web > of confusion". I liked the idea of mentioning the MD5 in the email > announcement. It doesn't require much extra work, and doesn't require a > 'web of %$*&" to be set up to check things. Yea, it isn't as secure as > going through the motions, but if someone breaks into that FTP server > and changes the tarball and MD5 file, we have much bigger problems than > someone modifying the tarballs; our CVS is on that machine too.
Its so rare that it happens, but I do agree with Bruce :) Justin, one thought ... storing the MD5s in the database for the postgresql.org site, so that ppl can compare the two places? We'd *really* have to be compromised for that to fail, but adding the md5s would be easy enough ... ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
