This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Signature verification problem...

From: Florian Weimer <fw at deneb dot enyo dot de>
To: gdr at acm dot org
Cc: "Zack Weinberg" <zack at codesourcery dot com>, "Gerald Pfeifer" <gerald at pfeifer dot com>, gcc at gnu dot org
Date: Fri, 16 Jul 2004 22:35:28 +0200
Subject: Re: Signature verification problem...
References: <000001c46298$dfb4b6d0$07dc6551@endyvlwz58nhmy><Pine.BSF.4.58.0407102124390.7094@acrux.dbai.tuwien.ac.at><87u0w8eblm.fsf@codesourcery.com><32899.::ffff:24.250.169.187.1089976276.squirrel@webmail.nerim.net>

* Gabriel Dos Reis:

> That looks to me to be a good suggestion -- the keys would
> be those of people "authorized" to upload GCC on ftp.gnu.org
> and I believe all of them have signed GGC tarballs as of today.

The fingerprint of the key used to sign releases should also be
included in the printed manuals.

PGP signing of releases is usually not very helpful.  For example,
would you trust an Apache release which is signed by a Rodent of
Unusual Size? 8-)

Follow-Ups:
- Re: Signature verification problem...
  - From: Gabriel Dos Reis

References:
- Signature verification problem...
  - From: Bernard Leak
- Re: Signature verification problem...
  - From: Gerald Pfeifer
- Re: Signature verification problem...
  - From: Zack Weinberg
- Re: Signature verification problem...
  - From: Gabriel Dos Reis

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]