From owner-freebsd-security Wed Oct 9 16:31:33 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BFD0737B404 for ; Wed, 9 Oct 2002 16:31:30 -0700 (PDT) Received: from a2.scoop.co.nz (aurora.scoop.co.nz [203.96.152.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6105E43E6E for ; Wed, 9 Oct 2002 16:31:29 -0700 (PDT) (envelope-from andrew@scoop.co.nz) Received: from localhost (localhost [127.0.0.1]) by a2.scoop.co.nz (8.12.2/8.12.2) with ESMTP id g99NVOMT056683; Thu, 10 Oct 2002 12:31:24 +1300 (NZDT) (envelope-from andrew@scoop.co.nz) Date: Thu, 10 Oct 2002 12:31:24 +1300 (NZDT) From: Andrew McNaughton To: Erick Mechler Cc: Mike Hoskins , Subject: Re: md5 checksum server In-Reply-To: <20021009225932.GO10532@techometer.net> Message-ID: <20021010121731.O55435-100000@a2.scoop.co.nz> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 9 Oct 2002, Erick Mechler wrote: > :: Yes, PGP has been preferred to MD5 since its debut... So, how about a > :: similar setup for PGP signatures? :) It's interesting then that we use MD5 sums for ports. You might argue that the MD5 sum comes from a different source to the source tarball, but actually there's a lot of ports for which this is not the case. Obviously key management would become an issue, and probably the MD5 mechanism shoud be kept, but would it be worthwhile to add PGP signatures to ports? Andrew McNaughton To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message