From: Richard L. <ce...@l-...> - 2002-04-28 00:38:16
|
>This is why I think we should not only supply the MD5 hash, but also a GPG >signature indicating the package is valid. This way we can really protect >to fake a GPG signature! How does a GPG signature increase security? I defy you to come up with the same MD5 hash for an altered release. The PGP keyring trust system is too easy for users to screw up. [shrug] Just my opinion. -- Got Music? http://l-i-e.com/artists.htm |