[Esd-l] ANN: Sanitizer update - 1.135 released

Peter Hanecak hanecak at megaloman.com
Wed Jun 5 01:03:01 PDT 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello John,

On Sun, 26 May 2002, John D. Hardin wrote:

> --[PinePGP]--------------------------------------------------[begin]--
> 
> The procmail sanitizer has been updated. The current version is 1.135
> It is available via:
...
> 
> --[PinePGP]-----------------------------------------------------------
> gpg: Signature made Mon 27 May 2002 06:02:59 AM CEST using DSA key ID B8732E79
> gpg: Good signature from "John D. Hardin <jhardin at wolfenet.com>"
> --[PinePGP]----------------------------------------------------[end]--

you are for some time signing release announcements. That's wery good - we 
can better check whether messages comes from you and whether they are 
unaltered.

So can I ask you to sign also distribution files? So we can verify also 
the sanitizer itself.

You can either (first best suits me :) :

1) generate and make available detached signature of distribution tarball, 
say:

US/WA:  http://www.impsec.org/email-tools/procmail-sanitizer.tar.gz
US/WA:  http://www.impsec.org/email-tools/procmail-sanitizer.tar.gz.sig

- - that way we can verify whole tarball


2) sign .md5 files inside distribution: that way we can verify, that 
.md5 files are OK so we can then trust those MD5 sums


3) generate detached signatures for files which also have .md5 files 
associated: that way we can verify those files


4) ... well, we can come up with a lot of other signing scenarios, but 
they may be usable more or less then those above (more likely less :) , 
any sugestions?)


Sincerely

Peter Hanecak

- -- 
===================================================================
  Peter Hanecak <hanecak at megaloman.com>
  GPG pub.key: http://www.megaloman.com/gpg/hanecak-megaloman.txt
===================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE8/cUY1rzDsblwlA8RAjr2AKCKvi2AdPQhx75HlUZl6fPUwY9WUwCfc3Vk
wcOck6mwIZyugG+yfFoxTVM=
=5z2a
-----END PGP SIGNATURE-----

More information about the esd-l mailing list