pgp/contrib/md5sum/readme - annotate

Return to readme CVS log

Up to [PGP] / pgp / contrib / md5sum

Annotation of pgp/contrib/md5sum/readme, revision 1.1.1.1

1.1       root        1: This utility computes MD5 checksums of files, ignoring end-of-line
                      2: conventions unless the -b (binary) flag is set.  The file "pgp22.md5"
                      3: contains the signatures of all the files in the source.  If you are
                      4: in the source directory and run "md5sum -c pgp22.md5", you will get
                      5: an error message if any files fail to match.  If all files match,
                      6: nothing will be printed.
                      7: 
                      8: You need to borrow some files from the PGP sources to compile this
                      9: utility (md5.c, md5.h, and possibly the getopt implementation);
                     10: see the md5sum.c file for details.
                     11: 
                     12: The file pgp22.md5 is signed by one of the developers, so you can be
                     13: reasonably sure it's correct.  It would be possible for a hard-working
                     14: miscreant to fiddle with the distribution so all of this mutual checking
                     15: would not show any errors, but it's not going to happen accidentally.
                     16: And if you have a previous version of PGP that you trust, it's not going
                     17: to happen at all.
                     18: 
                     19: The only other thing that's needed is a detached PGP signature of the
                     20: md5sum.c file, and anyone with a previus version of PGP that they trust
                     21: can be sure that no tampering has occurred anywhere, and that's here:
                     22: 
                     23: -----BEGIN PGP MESSAGE-----
                     24: Version: 2.2
                     25: 
                     26: iQBgAgUBK5lOzMo9of2GWqfzAQFJMAJXUdMp9HjcGQZg/m1cPZ+YrhWMB+CANXzL
                     27: cAin6ZB5jCuq5BQefEeyzoT1ceBM0I3ujb+8z3+gKLtyi/jl8c1ypFbjT4og8udz
                     28: lwAl
                     29: =U8fl
                     30: -----END PGP MESSAGE-----
                     31: 
                     32: (And my and Branko's keys are in the supplied key ring, signed by
                     33: Philip Zimmermann, so you know that we are who we say we are, and if
                     34: there are any trojan horses in the source, you know who put them there.
                     35: Isn't security fun?)
                     36: -- 
                     37:        -Colin <[email protected]>

unix.superglobalmegacorp.com

This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.