
Re: GPG on Linux kernel source



Forgot to reply to the 2nd part of the mail, so here goes:

On Wed, May 09, 2001 at 12:28:33PM +0700, Oki DZ wrote:
> Hi,
> 
> Recently I tried to verify the source from www.linux.org, but I had the
> following:
<snip>
> 
> BTW, for verification of originality of the tarball, wouldn't it be
> easier using MD5?
> 
> okidz@bdg:~$ md5sum linux-2.4.4.tar.bz2
> b2cb01dfca76829c31ddc61445e4bbb9  linux-2.4.4.tar.bz2
 
No! md5sum does not give any indication of "where" the file has come
from - only that the checksum is valid. So in essence, the file has been
transferred without errors.

A GPG signature of the file allows you to associate a person/organisation 
with the file. He/they signed it.  And if the signature is valid, then the 
file has not been tampered with since it left him/them.

> Oki
> 
> -- 
> The JanosVM supports separate per-team heaps, per-team garbage
> collection threads, inter-team thread migration, safe cross-team
> reference objects, and a spiffy tutorial.
>              http://www.cs.utah.edu/flux/janos/janosvm-0.5.0/ANNOUNCE
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
> 

-- 
Karl E. Jørgensen
karl@jorgensen.com
www.karl.jorgensen.com
==== Today's fortune:
We warn the reader in advance that the proof presented here depends on a
clever but highly unmotivated trick.
		-- Howard Anton, "Elementary Linear Algebra"

Attachment: pgpyBUb6lPNyG.pgp
Description: PGP signature
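
The difference between the two checks discussed in this message, as an added example that is not part of the original mail. It uses textbook RSA over SHA-256 as a stand-in for a GPG signature; the toy keys (built from public Mersenne primes, so insecure), the function names and the file contents are all constructed assumptions.

```python
import hashlib

# Constructed toy RSA keys (assumption for this demo): the primes are public
# Mersenne primes, so these keys are insecure; they only stand in for GPG keys.
E = 65537

def make_key(p: int, q: int):
    """Return (n, d): public modulus and private exponent."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

SIGNER_N, SIGNER_D = make_key(2**521 - 1, 2**607 - 1)   # the release signer
OTHER_N, OTHER_D = make_key(2**127 - 1, 2**521 - 1)     # anyone else's key

def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, n: int, d: int) -> int:
    """Textbook RSA signature over SHA-256(data); no padding, demo only."""
    return pow(digest_int(data), d, n)

def check_download(data: bytes, published_md5: str, sig: int) -> dict:
    """Run both checks the thread compares, against the signer's public key."""
    return {
        "md5_matches": hashlib.md5(data).hexdigest() == published_md5,
        "signature_valid": pow(sig, E, SIGNER_N) == digest_int(data),
    }

def demo() -> dict:
    original = b"constructed stand-in for linux-2.4.4.tar.bz2"
    replaced = original + b" plus a change made on the download site"
    good_md5 = hashlib.md5(original).hexdigest()
    good_sig = sign(original, SIGNER_N, SIGNER_D)
    # Whoever replaces the file can also replace the checksum listed beside it,
    # because computing MD5 needs no secret. They cannot produce a signature
    # that verifies under the signer's public key.
    new_md5 = hashlib.md5(replaced).hexdigest()
    other_sig = sign(replaced, OTHER_N, OTHER_D)
    return {
        "genuine": check_download(original, good_md5, good_sig),
        "replaced_old_sig": check_download(replaced, new_md5, good_sig),
        "replaced_other_key": check_download(replaced, new_md5, other_sig),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

In all three cases the MD5 comparison passes, because the checksum travels with the file; only the signature check separates the genuine file from the replaced one.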

