Date: Sun, 29 Feb 2004 18:41:00 -0500 From: Jason Harris <jharris@widomaker.com> To: Oliver Eikemeier <eikemeier@fillmore-labs.com> Cc: Jason Harris <jharris@widomaker.com> Subject: Re: ports/63546: ports/security/libprelude - fetch PGP signature Message-ID: <20040229234100.GM10980@pm1.ric-41.lft.widomaker.com> In-Reply-To: <40425855.4050006@fillmore-labs.com> References: <200402292021.i1TKLl7q016441@freefall.freebsd.org> <20040229211208.GA35429@pm1.ric-13.lft.widomaker.com> <40425855.4050006@fillmore-labs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--FnOKg9Ah4tDwTfQS Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Feb 29, 2004 at 10:23:33PM +0100, Oliver Eikemeier wrote: > Unfortunate, but I guess we can fix this. I hope I made my point without= =20 > offending you, but blindly downloading and verifying a PGP signature is= =20 > actually *less* secure than the md5 checksum in distinfo, and worse, it > gives a false sense of security. No offense taken - your presumptions about security plague many. --=20 Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 --FnOKg9Ah4tDwTfQS Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAQniKSypIl9OdoOMRAtGhAKC7MuBsOAazaWKKMiBt/1W+Xo9OawCggRa5 SM6XNAJ3SWSA1hP/uY2C170= =bNQ1 -----END PGP SIGNATURE----- --FnOKg9Ah4tDwTfQS--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040229234100.GM10980>