[advocacy] Artist Licensing
Edmund GRIMLEY EVANS
edmundo
Wed Sep 12 03:41:39 PDT 2001
Aaron Plattner (aaronp at crosswinds.net):
> Along these lines, how useful do you think it would be to have support for
> running GPG/PGP over the contents of an Ogg verifying a signature embedded as a
> comment or in the metadata? That way you could know for sure that a particular
> song was released to the public because it was signed by the artist. This would
> also let you know if a file somehow got corrupted (like MP3's have a tendency to
> do for some reason).
That sounds like overkill to me. The artist can just put a list of MD5
sums on their website, which you compare. GPG would protect you
against a "man in the middle" attack against your communication with
the web site, but, since the data you're checking is music rather than
a kernel module that might compromise an entire system, say, why would
anyone organise such an elaborate attack?
Edmund
--- >8 ----
List archives: http://www.xiph.org/archives/
To unsubscribe from this list, send a message to 'advocacy-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Advocacy
mailing list