From owner-freebsd-ports-bugs@FreeBSD.ORG  Sun Feb 29 15:41:20 2004
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7C7A316A4CE
	for <freebsd-ports-bugs@FreeBSD.org>;
	Sun, 29 Feb 2004 15:41:20 -0800 (PST)
Received: from pm1.ric-13.lft.widomaker.com (pm1.ric-13.lft.widomaker.com
	[209.96.189.29])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3E8B543D53
	for <freebsd-ports-bugs@FreeBSD.org>;
	Sun, 29 Feb 2004 15:41:19 -0800 (PST)
	(envelope-from jason@pm1.ric-13.lft.widomaker.com)
Received: (from jason@localhost)
	by pm1.ric-13.lft.widomaker.com (8.12.11/8.12.10) id i1TNf3rg036087;
	Sun, 29 Feb 2004 18:41:03 -0500 (EST)
Date: Sun, 29 Feb 2004 18:41:00 -0500
From: Jason Harris <jharris@widomaker.com>
To: Oliver Eikemeier <eikemeier@fillmore-labs.com>
Message-ID: <20040229234100.GM10980@pm1.ric-41.lft.widomaker.com>
References: <200402292021.i1TKLl7q016441@freefall.freebsd.org>
	<20040229211208.GA35429@pm1.ric-13.lft.widomaker.com>
	<40425855.4050006@fillmore-labs.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="FnOKg9Ah4tDwTfQS"
Content-Disposition: inline
In-Reply-To: <40425855.4050006@fillmore-labs.com>
User-Agent: Mutt/1.4.2.1i
cc: freebsd-ports-bugs@FreeBSD.org
cc: Jason Harris <jharris@widomaker.com>
Subject: Re: ports/63546: ports/security/libprelude - fetch PGP signature
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>,
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>,
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Feb 2004 23:41:20 -0000


--FnOKg9Ah4tDwTfQS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Feb 29, 2004 at 10:23:33PM +0100, Oliver Eikemeier wrote:

> Unfortunate, but I guess we can fix this. I hope I made my point without=
=20
> offending you, but blindly downloading and verifying a PGP signature is=
=20
> actually *less* secure than the md5 checksum in distinfo, and worse, it
> gives a false sense of security.

No offense taken - your presumptions about security plague many.

--=20
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004

--FnOKg9Ah4tDwTfQS
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAQniKSypIl9OdoOMRAtGhAKC7MuBsOAazaWKKMiBt/1W+Xo9OawCggRa5
SM6XNAJ3SWSA1hP/uY2C170=
=bNQ1
-----END PGP SIGNATURE-----

--FnOKg9Ah4tDwTfQS--