On Mon, 8 Mar 1999, J. Andres Hall wrote:
> >> Not much of one, of course, since whoever modified it could also modify
> >> the MD5!
> >
> >Correct, the MD5 is actually intended to just let people quicky check wheter
> >some download/transfer errors occured. For real guarantee we should sign it
> >via PGP.
> > Ralf S. Engelschall
>
>
> Why would you use PGP to sign the source of an X.509-capable Package?
Maybe because OpenSSL is full of backdoors and the core team don't trust
it??? ;-)
Just kidding...
Anyway, that's a good question, there's a real need to perform PKCS#7
signing, or S/MIME signing... or anything that could be useful in this
sense...
--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
