bug-gnu-emacs

Re: Emacs 22.1 released


From: Doug McLaren
Subject: Re: Emacs 22.1 released
Date: Tue, 5 Jun 2007 09:28:31 -0500

In article <mailman.1548.1180925943.32220.info-gnu-emacs@gnu.org> you write:

| GNU Emacs 22.1 has been released.  It is available on the GNU ftp
| sites at ftp.gnu.org/gnu/emacs/ and its mirrors (see
| http://www.gnu.org/order/ftp.html).
| 
| The MD5 check-sum is the following:
| 
|     6949df37caec2d7a2e0eee3f1b422726  emacs-22.1.tar.gz

Might want to start giving other checksums in addition to MD5
checksums -- MD5 is no longer cryptographically secure.

(Or not give any checksums at all, I guess.)

Perhaps you should include a GPG signed key of the file in addition to
the MD5?

Having an MD5 that matches is no longer a reasonable guarantee that
your file has not been corrupted, and so it gives a false sense of
security.  Sure, it'll protect you against a file corrupted by a bad
disk, or a truncated file (but the checksum in gzip will do that too)
but it won't protect you against somebody hacking up a version, making
the md5sum match, and then putting it up on a mirror somewhere.

Emacs isn't run setuid or anything like that (except maybe
emacsclient, if anybody uses it) but there's still a security risk if
it's compromised.

-- 
Doug McLaren, dougmc@frenzied.us
"What luck for rulers that men do not think." --Adolf Hitler
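
Added example, not part of the original message and not GNU project code: a small Python verifier for checksum lines in the `<digest>  <filename>` layout quoted above, which reports an MD5-only match as `weak-only` (accidental corruption ruled out, tampering not) and returns `ok` only when a SHA-256 or SHA-512 line also matches. The function names and result strings are assumptions of this sketch, and it assumes the checksum list itself was obtained over a trusted channel.

```python
import hashlib
import hmac

# Hex digest length -> (hashlib name, usable against deliberate tampering?)
ALGOS = {
    32: ("md5", False),
    40: ("sha1", False),
    64: ("sha256", True),
    128: ("sha512", True),
}


def parse_checksum_line(line):
    """Parse '<hex digest>  <filename>' as printed by md5sum/sha256sum."""
    digest, _, name = line.strip().partition(" ")
    digest = digest.lower()
    name = name.lstrip(" *")  # '*' marks binary mode in coreutils output
    if len(digest) not in ALGOS or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError(f"unrecognised checksum line: {line!r}")
    algo, strong = ALGOS[len(digest)]
    return algo, strong, digest, name


def verify(data, filename, checksum_lines):
    """Return 'ok', 'weak-only', 'mismatch' or 'unlisted' for data."""
    strong_ok = weak_ok = False
    for line in checksum_lines:
        algo, strong, expected, name = parse_checksum_line(line)
        if name != filename:
            continue
        actual = hashlib.new(algo, data).hexdigest()
        if not hmac.compare_digest(actual, expected):
            return "mismatch"  # any failing digest rejects the file
        if strong:
            strong_ok = True
        else:
            weak_ok = True
    if strong_ok:
        return "ok"
    return "weak-only" if weak_ok else "unlisted"


if __name__ == "__main__":
    # Constructed sample bytes standing in for a downloaded tarball.
    data = b"constructed sample release bytes"
    lines = [hashlib.md5(data).hexdigest() + "  sample.tar.gz"]
    print(verify(data, "sample.tar.gz", lines))
    lines.append(hashlib.sha256(data).hexdigest() + "  sample.tar.gz")
    print(verify(data, "sample.tar.gz", lines))
```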



