-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> I think we should PGP sign all the "official" packages that are
> provided for download from the various mirror sites.
Doesn't anyone around here read pgsql-general? :) I've been arguing for
this over there since June of last year. I've also been signing the
checksums with PGP and posting those to the mailing list.
If this is done (and I am very glad to see a renewed interest forming),
I'd like to see it done the correct way - it's too easy to get this wrong
and could actually decrease the security of the project by providing a
false sense of security. I think this list would be a good place to discuss
how it would be implemented.
- --
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200302030948
-----BEGIN PGP SIGNATURE-----
Comment: http://www.gtsm.com/pgp.html
iD8DBQE+PoGQvJuQZxSWSsgRAinkAJ9HViGZIfWVvX8RswLsNfec7ln6yQCfbO+L
WjSKSr61QKkfpL6Ax0vt4Ag=
=0MK8
-----END PGP SIGNATURE-----