[MPlayer-users] Why are the MPlayer sources not signed ?
ismail donmez
dawson3k at myrealbox.com
Sun Aug 4 18:26:01 CEST 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
r00tkid wrote:
| [Automatic answer: RTFM (read DOCS, FAQ), also read DOCS/bugreports.html]
| hi there,
|
| just a few days ago 2 versions of OpenSSH were trojaned after BSD's ftp
| server was broken (okay, this machine was not running *BSD but some SUN
| cra*** err, SUN operating system, I guess Solaris).
|
| This was a bit shocking, I took a look at the stuff I always install
| that does NOT come signed and MPlayer is among that software, so my
| question to the developers, why don't you sign the sources with GnuPG or
| PGP 2.6.x ?
|
| You DO NOT even print any MD5 hashes on your website for the packages!
| Imagine one day your server gets hacked, a gpg signature is the only way
| to tell that a certain package is okay or not! Okay, assuming that you
| use gpg the right way and don't have your secret keys on a machine
| that's hosting the sources and is connected to the net...
|
| Curious to see what the developers have to say about this...
I think this would be great.
- --
Computer Engineering Student
Public Key Id : 0x6CA8FD1E
Key server : www.keyserver.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with MultiZilla - http://enigmail.mozdev.org
iD8DBQE9TVIyxYz8yWyo/R4RAp35AKDCMIfgIHXGDFGUrdvaH6fUTc1gKQCgzBhZ
zX5+1tpK/opuGatI05bYzVg=
=GzpJ
-----END PGP SIGNATURE-----