Rainer Jung wrote: > > Some people seem to indicate, that the implementation of pgp is safer, > on the other hand md5sum etc. have a builtin check option (-c), so you > can run them directly against the checksum file to compares the checksum > in the checksum file with a freshly computed checksum of the base file. > This seems handy to me. It looks like gpg is not able to do that, i.e. > you have to compare the sums by staring at them. Of course with gpg you > can check using the signature file.
That is frustrating. I wish we didn't illustrate it in our release.sh scripts :( But a SHA1 or MD5 or whatever result is a specific value, the "Safety" argument is complete drivel (and I didn't complete it, either). I regenerated all the mod_fcgid .md5/sha1 artifacts and then verified they had not changed. This was necessary anyways due to the -beta rename, and I'll be doing the same for mod_ftp if we get that far.
