[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: PGP Keys

To: Jorge Medina <jmedina@e-dialog.com>
Subject: Re: PGP Keys
From: Kurt Zeilenga <Kurt@OpenLDAP.org>
Date: Wed, 30 Jul 2008 18:16:20 +0100
Cc: openldap-software@OpenLDAP.org
In-reply-to: <9DD36C99332AB7438F8D73C048D8C62C012B0AB4@sneezy.ad.e-dialog.com>
References: <9DD36C99332AB7438F8D73C048D8C62C012B0AB4@sneezy.ad.e-dialog.com>


On Jul 30, 2008, at 4:33 PM, Jorge Medina wrote:

Do anybody knows where I could get the PGP keys to verify the integrity of the source code I downloaded from a mirror?


PGP is not used to sign releases or release announcements.

To verify the integrity of a tarball download from ftp.openldap.org or a mirror, you can check it against the SSHA1 and/or MD5 hashes published as part of the announcement for the release (posted to openldap-announce@openldap.org , archived in that list's archives).

Hash verification is not intended to detect instances where openldap.org hosted services have been hijacked or otherwise seriously compromised.

-- Kurt

Follow-Ups:
- Re: PGP Keys
  - From: Dominic Hargreaves <dominic.hargreaves@oucs.ox.ac.uk>

References:
- PGP Keys
  - From: "Jorge Medina" <jmedina@e-dialog.com>

Prev by Date: Re: Clearing the entire ldap directory
Next by Date: Re: Clearing the entire ldap directory
Index(es):
- Chronological
- Thread