On 5/31/2012 4:17 PM, Mark Doliner wrote:
I could always create gpg signatures of the .exe files the same way we
do for the tar balls.
That's probably worthwhile for all 6 users who will bother to check it.
Plus the reality of it, at least from my point of view, is that unless
the GPG signature is distributed in a significantly different fashion
from the EXE itself, it can be tampered with by anyone who has access to
update the EXE itself.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
_______________________________________________
[email protected] mailing list
Want to unsubscribe? Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support
