
Re: 1.2.0-rc2 tarballs up for testing/signing

From: Ben Reser <ben_at_reser.org>
Date: 2005-04-22 18:13:52 CEST

On Fri, Apr 22, 2005 at 09:50:33AM -0400, Andrew Thompson wrote:
> Ben Collins-Sussman wrote:
> >>md5sums:
> >>e308330a619aac4331263b19dda2a4bc subversion-1.2.0-rc2.tar.gz
> >>342acdc60e41232ba3b686913e1cad24 subversion-1.2.0-rc2.tar.bz2
> >>2d8d6d269c0567451cfc7aab2ecadbdb subversion-1.2.0-rc2.zip
> >>
> >>sha1sums:
> >>f1a6c296eba12e62b26c9060be11e3fd20e5a7d7 subversion-1.2.0-rc2.tar.gz
> >>8ae73653cbbe8dbd573a86eeac7e7252f1dca080 subversion-1.2.0-rc2.tar.bz2
> >>bdd3d2a11363710eb45b01f554633066bdcd1e72 subversion-1.2.0-rc2.zip
> >>
> >>Please test and send me your signatures. Thank you.
> >
> >Here's my signature for the .tar.gz:
>
> Could someone explain to me the purpose of signatures when the sums have
> been provided by the packager?

As Karl and Sussman have already said, they exist to formalize our
testing procedures and as a more secure way of verifying the files.

But to add to what they've said: the main reason for wanting multiple
keys is to deal with potentially compromised keys. If, for instance, my
key were to become compromised and I were to revoke it, then most people
would have to assume that all of my signatures were invalid. They
wouldn't have enough information to know what signatures they could
trust and what they couldn't.

By having multiple signatures on every release, someone would have to
compromise all of the signers' keys. This would be very difficult and
improbable, which helps keep the verification method useful far into
the future.

-- 
Ben Reser <ben@reser.org>
http://ben.reser.org
"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken
Received on Fri Apr 22 18:14:56 2005
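
The multi-signer reasoning in the message above, as an added example that is not part of the original mail or the Subversion project's tooling: it reads the status lines that `gpg --status-fd 1 --verify` emits for a detached signature file and counts only trusted keys whose signatures are good and whose keys are not revoked or expired. The key IDs, names, sample status lines and threshold are constructed assumptions.

```python
# Added example: count how many trusted, unrevoked keys vouch for a release.
# Input is the machine-readable status stream of `gpg --status-fd 1 --verify`.
# All key IDs, names and sample lines below are constructed for illustration.

GOOD = "GOODSIG"
# GnuPG status keywords that mean "do not rely on this signature".
REJECT = {"BADSIG", "REVKEYSIG", "EXPKEYSIG", "EXPSIG", "ERRSIG"}

def trusted_signers(status_text, trusted_keys):
    """Return the trusted key IDs that produced a good, usable signature."""
    good, rejected = set(), set()
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "[GNUPG:]":
            continue  # not a status line with a key ID field
        keyword, key_id = parts[1], parts[2].upper()
        if keyword == GOOD:
            good.add(key_id)
        elif keyword in REJECT:
            rejected.add(key_id)
    # A key with any rejected result is excluded entirely, and keys outside
    # the release managers' trusted set never count toward the threshold.
    return (good - rejected) & {k.upper() for k in trusted_keys}

def release_ok(status_text, trusted_keys, threshold):
    """Accept the release only if enough distinct trusted keys vouch for it."""
    return len(trusted_signers(status_text, trusted_keys)) >= threshold

# Hypothetical set of signer keys the verifier already trusts.
TRUSTED = {"AAAA000000000001", "AAAA000000000002", "AAAA000000000003"}

# Constructed status output: three signers, one of whose keys was later revoked,
# plus a signature from a key nobody has agreed to trust.
SAMPLE_ONE_REVOKED = """\
[GNUPG:] GOODSIG AAAA000000000001 Signer One (constructed)
[GNUPG:] REVKEYSIG AAAA000000000002 Signer Two (constructed)
[GNUPG:] GOODSIG AAAA000000000003 Signer Three (constructed)
[GNUPG:] GOODSIG BBBB000000000009 Unknown Key (constructed)
"""

# Constructed status output: the only signer's key has been revoked.
SAMPLE_SINGLE_SIGNER = "[GNUPG:] REVKEYSIG AAAA000000000002 Signer Two (constructed)\n"

if __name__ == "__main__":
    print(sorted(trusted_signers(SAMPLE_ONE_REVOKED, TRUSTED)))
    print("multi-signer release verifiable:", release_ok(SAMPLE_ONE_REVOKED, TRUSTED, 2))
    print("single-signer release verifiable:", release_ok(SAMPLE_SINGLE_SIGNER, TRUSTED, 1))
```

With one of three keys revoked the release still meets a threshold of two, while the same revocation leaves a single-signer release with nothing to verify against.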

This is an archived mail posted to the Subversion Dev mailing list.
