> I tend to disagree with your assertion that PGP signtures are less
> important than MD5 signatures. But then again, given how badly
> connected the PGP keys used to sign most Jakarta releases are, you
> are probably correct. A signature by a key that hasn't been signed
> by anybody else isn't much better than a MD5 hash.
Perhaps, but PGP signatures are better, and there are things happen to
improve the ASF WoT, such as our own CA server.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
