[Esd-l] ANN: Sanitizer update - 1.135 released
Peter Hanecak
hanecak at megaloman.com
Wed Jun 5 01:03:01 PDT 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello John,
On Sun, 26 May 2002, John D. Hardin wrote:
> --[PinePGP]--------------------------------------------------[begin]--
>
> The procmail sanitizer has been updated. The current version is 1.135
> It is available via:
...
>
> --[PinePGP]-----------------------------------------------------------
> gpg: Signature made Mon 27 May 2002 06:02:59 AM CEST using DSA key ID B8732E79
> gpg: Good signature from "John D. Hardin <jhardin at wolfenet.com>"
> --[PinePGP]----------------------------------------------------[end]--
you are for some time signing release announcements. That's wery good - we
can better check whether messages comes from you and whether they are
unaltered.
So can I ask you to sign also distribution files? So we can verify also
the sanitizer itself.
You can either (first best suits me :) :
1) generate and make available detached signature of distribution tarball,
say:
US/WA: http://www.impsec.org/email-tools/procmail-sanitizer.tar.gz
US/WA: http://www.impsec.org/email-tools/procmail-sanitizer.tar.gz.sig
- - that way we can verify whole tarball
2) sign .md5 files inside distribution: that way we can verify, that
.md5 files are OK so we can then trust those MD5 sums
3) generate detached signatures for files which also have .md5 files
associated: that way we can verify those files
4) ... well, we can come up with a lot of other signing scenarios, but
they may be usable more or less then those above (more likely less :) ,
any sugestions?)
Sincerely
Peter Hanecak
- --
===================================================================
Peter Hanecak <hanecak at megaloman.com>
GPG pub.key: http://www.megaloman.com/gpg/hanecak-megaloman.txt
===================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE8/cUY1rzDsblwlA8RAjr2AKCKvi2AdPQhx75HlUZl6fPUwY9WUwCfc3Vk
wcOck6mwIZyugG+yfFoxTVM=
=5z2a
-----END PGP SIGNATURE-----
More information about the esd-l
mailing list