(fwd from jerry@theashergroup.com) Suggestion: describe (or link to) how to verify your distributions

Martin Pool mbp at sourcefrog.net
Fri Nov 22 21:00:01 GMT 2002

I'll write up a short page describing how to use them, unless Jerry
particularly wants to do it.

----- Forwarded message from jerry at theashergroup.com -----

From: jerry at theashergroup.com
Subject: Suggestion: describe (or link to) how to verify your distributions
Date: Fri, 22 Nov 2002 20:21:38 GMT
To: security at samba.org

Hi folks,

Thanks for all your work.  Thanks for taking the time to secure it and to 
distribute it in a secure fashion. 

Today as I downloaded your new version, aware of the openssh trojan and
aware that MD5 signatures hosted on the same server doesn't verify
anything, I was pleased to find a digital signature for samba. 

A suggestion though.  In addition to providing the digital signature
it would be great if you could include a few links or a page or two
describing how to use it. 

I ask this, because I can't figure out how to get PGP to use your
signature.  And having visited CERT, PGP, GPG, and using google,
I am still stumped as to what to do with this
detached digital signature. 

You folks are one of the most important projects around.  It's terrific
that you are distributing digital signatures, you could improve on
that a bit by distributing information on how to use that
digital signature. 

Thank you, 

Jerry Asher

----- End forwarded message -----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20021122/ff634f91/attachment.bin

More information about the samba-technical mailing list