|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Bruce A. Mah (bmah_at_FreeBSD.ORG)
Date: Mon Jan 20 2003 - 10:50:40 CST
If memory serves me right, Udo Erdelhoff wrote:
> some time ago, Bruce added the MD5 checksums for the 4.7 ISOs to
> the release notes website (www/en/releases/4.7R/CHECKSUM-i386.MD5
> in the CVS repository). I think this is a good idea that should
> be repeated for 5.0. I could assemble the file easily enough from
> the various CHECKSUM.MD5 files for the different platforms by
> sampling the mirrors.
Just for the record, it was Murray who did this, not Bruce. :-)
It's not an institutionalized policy, though I think it's a good idea.
(Personally, I like the thought of putting the checksums in the release
announcement.)
> However, I think it would be a better idea to have that file assembled
> and PGP-signed by the security-officer before adding it.
Signing by one of the release engineers or by the security-officer team
would be a Good Thing (TM). If the RE team had a shared signing key, we
could use it for this, but we don't. Maybe we should, but that's
another issue.
Cheers,
Bruce.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (FreeBSD)
Comment: Exmh version 2.5+ 20020506
iD8DBQE+LCjg2MoxcVugUsMRAhHHAJ4uSA0iD5jVJIBz87pHaLfDkbdaTwCgopWu
72EnUdm+UG6fTplkgsXrZWM=
=qaBJ
-----END PGP SIGNATURE-----
To Unsubscribe: send mail to majordomo
FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]