[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5639) Digital (PGP-)signature for downloadable sources

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5639) Digital (PGP-)signature for downloadable sources
From: h.b.furuseth@usit.uio.no
Date: Mon, 4 Aug 2008 13:06:41 GMT

Kurt@OpenLDAP.org writes:
> I note as well that properly deploying release signing requires
> more than script modification.  For instance, one does need to
> consider that the host to sign the releases might itself been
> taken over and the implications of such a takeover.

For that part, signatures in the 'https:' site would help.  Not
that I'm making an issue of it, I've got OpenLDAP installations
that I didn't verify against any signature right on this host.

-- 
Hallvard

Prev by Date: Re: (ITS#5639) Digital (PGP-)signature for downloadable sources
Next by Date: Re: (ITS#5586) SLAPD crashing with SIGABRT in connection.c on Solaris - reference through nil pointer
Index(es):
- Chronological
- Thread