Menu

#5 PGP signature and MD5 hash

closed
Jonathan Day
None
9
2012-09-14
2004-05-29
John Kristoff
No

It would be nice to have a verifiable PGP signature and
MD5 hash for this package. Preferably the PGP key id
and has would be published elsewhere (other than at the
same distribution site as the tarball), perhaps on a
mailing list? This would also allign with the recent
news item declaring:

"The main efforts from 1.0.0 will be on speedups and
security auditing."

Verifiable signatures would in my view be a good first
step in auditing the source package. :-)

John

Discussion

  • Jonathan Day

    Jonathan Day - 2006-01-10

    Logged In: YES
    user_id=1466

    0.9.5 onwards will be digitally signed. Because MD5 is not
    a trustable algorithm (but is widely used), I'll include
    the MD5 and SHA1 hashes for the package.

     

  • SourceForge Robot

    SourceForge Robot - 2006-01-25

    Logged In: YES
    user_id=1312539

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).

     

Log in to post a comment.