On Tue, Apr 24, 2001 at 08:30:38PM +0200, Josip Rodin wrote: > Joey requested that MD5 checksums are put in security advisories on the web > pages, so I've added them, in a kludgey kinda way. Should we add a
nonononono! We *already* have the md5's available in a web-accessible form in the mailing list archives. Having them on the wml pages is a Bad Thing. There is no associated signature to validate that the md5's haven't been tampered with. It is likely that anyone who could modify the binaries on pandora could *also* modify the web pages. Adding md5's to the web pages is a dangerously misleading false sense of security. Anyone who wants this information for the purpose of validating a security upload *must* use the pgp-signed version *already available.* -- Mike Stone
pgpLNdffzDVBX.pgp
Description: PGP signature
