> I tend to disagree with your assertion that PGP signtures are less > important than MD5 signatures. But then again, given how badly > connected the PGP keys used to sign most Jakarta releases are, you > are probably correct. A signature by a key that hasn't been signed > by anybody else isn't much better than a MD5 hash.
Perhaps, but PGP signatures are better, and there are things happen to improve the ASF WoT, such as our own CA server. --- Noel --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]