Re: PGP verifyable Squid code

From: Alex Rousskov <>
Date: Mon, 8 Jun 1998 11:13:35 -0600 (MDT)

On Mon, 8 Jun 1998, Michael Samuel wrote:

> md5sum would be a bit more useful.

IMO, MD5 is less useful because it does not authenticate the author of the
information. Anybody can generate valid MD5s over invalid content so MD5 does
not protect you from the man-in-the-middle attack.

However, since MD5 was much easier to add than PGP, we now post MD5s for
Squid source archives and diffs. :)



> But, how can you trust the real Squid anyway?

Received on Mon Jun 08 1998 - 10:15:20 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:40:39 MST