[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [be] Verification of release tar balls
|
From: |
Teus Benschop |
|
Subject: |
Re: [be] Verification of release tar balls |
|
Date: |
Sat, 25 Sep 2010 17:30:20 +0200 |
On Fri, 2010-09-24 at 11:51 -0700, Jonathan Marsden wrote:
[...]
> My opinion is that far fewer users understand this approach than
> understand the way to check MD5SUMs, and it is less easily automatable
> (because you have to import the specific public key involved) so while
> the level of verification is definitely higher, the chance that someone
> will actually take the time to verify a file this way is lower. It's
> good practice to provide both, of course :)
Thanks for giving the steps to do the job, and the advantages and
disadvantages to this.
Before starting on this, may I ask if there is going to be anyone who
will use the GnuPG signatures to verify the accuracy of the tar balls?
If there is nobody, there is little point in signing the stuff.
Teus.
- [be] Verification of release tar balls, John Marshall, 2010/09/23
- Re: [be] Verification of release tar balls, Teus Benschop, 2010/09/23
- Re: [be] Verification of release tar balls, Jonathan Marsden, 2010/09/23
- Re: [be] Verification of release tar balls, Teus Benschop, 2010/09/24
- Re: [be] Verification of release tar balls, David Gardner, 2010/09/24
- Re: [be] Verification of release tar balls, Teus Benschop, 2010/09/24
- Re: [be] Verification of release tar balls, Jonathan Marsden, 2010/09/24
- Re: [be] Verification of release tar balls,
Teus Benschop <=
- Re: [be] Verification of release tar balls, John Marshall, 2010/09/27
- Re: [be] Verification of release tar balls, Teus Benschop, 2010/09/27
- Re: [be] Verification of release tar balls, John Marshall, 2010/09/27