From: Derek Atkins <warlord@MIT.EDU>
To: “Jeff Weinstein” <jsw@netscape.com>
Message Hash: df31985917201b6ad595d676baaaa5642e945ad03cf9dc93c71e9d97c63354ec
Message ID: <199510040123.VAA11236@toxicwaste.media.mit.edu>
Reply To: <9510031403.ZM151@tofuhut>
UTC Datetime: 1995-10-04 01:23:46 UTC
Raw Date: Tue, 3 Oct 95 18:23:46 PDT
From: Derek Atkins <warlord@MIT.EDU>
Date: Tue, 3 Oct 95 18:23:46 PDT
To: "Jeff Weinstein" <jsw@netscape.com>
Subject: Re: Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape's dependence upon RSA down for the count!)
In-Reply-To: <9510031403.ZM151@tofuhut>
Message-ID: <199510040123.VAA11236@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain
> Yes, I get the idea about spewing the signed hashes everywhere. The
> problem I have is with the user of PGP. That will help cypherpunks,
> but does absolutely nothing for most of our millions of users, who
> have no idea what PGP is. Perhaps its enough to assume that if anyone
> is tampering with the distribution, some cypherpunk will stumble across
> it...
If nothing else, Jeff, it will expose those "millions of users, who
have no idea what PGP is" to PGP. And, hopefully, some of those
"millions of users" might even take the time to grab PGP and take a
look at that, too.
In other words, there is nothing to lose (except a little bit of time
and effort, and a small amount of storage space) and there is a heck
of a lot to gain by including PGP signatures.
-derek
Return to October 1995
Return to “sameer <sameer@c2.org>”