[Date Prev][Date Next]
Re: PGP Keys
On Jul 30, 2008, at 4:33 PM, Jorge Medina wrote:
Do anybody knows where I could get the PGP keys to verify the
integrity of the source code I downloaded from a mirror?
PGP is not used to sign releases or release announcements.
To verify the integrity of a tarball download from ftp.openldap.org or
a mirror, you can check it against the SSHA1 and/or MD5 hashes
published as part of the announcement for the release (posted to firstname.lastname@example.org
, archived in that list's archives).
Hash verification is not intended to detect instances where
openldap.org hosted services have been hijacked or otherwise seriously
- Re: PGP Keys
- From: Dominic Hargreaves <email@example.com>
- PGP Keys
- From: "Jorge Medina" <firstname.lastname@example.org>