Re: PGP signing releases

On Sun, 2 Feb 2003, Neil Conway wrote:

> Folks,
>
> I think we should PGP sign all the "official" packages that are provided
> for download from the various mirror sites. IMHO, this is important
> because:
>
> - ensuring that end users can trust PostgreSQL is an important part to
> getting the product used in mission-critical applications, as I'm sure
> you all know. Part of that is producing good software; another part is
> ensuring that users can trust that the software we put out hasn't been
> tampered with.

right, that is why we started to provide md5 checksums ...

> I'd volunteer to do the work myself, except that it's pretty closely
> intertwined with the release process itself...

well, if you want to tell me the steps, I'll consider it ...