>> IBM packages for PTFs and HOLDDATA are currently not yet being signed, but 
>> they will be later this year.  Stay tuned.
>>
> At e.g. <https://public.dhe.ibm.com/eserver/zseries/holddata/month.txt>, I 
> see:
> "Verified by DigiCert."  Is that adequate?

Securing the download may very well be adequate for many.  Digitally signing 
the actual files that are downloaded (the package) is an additional protection. 
 Signing a GIMZIP package, and then verifying the signature of that package, 
increases confidence in the authenticity (who produced it?) and the integrity 
(has it changed in transit?) of the package.

Kurt Quackenbush
IBM  |  z/OS SMP/E and z/OSMF Software Management  |  ku...@us.ibm.com

Chuck Norris never uses CHECK when he applies PTFs.


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Reply via email to