Il giorno 11/feb/2013, alle ore 20:33, Justin Cappos <[email protected]> ha scritto:
> Once again, apologies for being mostly out of this discussion for the next 10 > days or so, but I did want to jump in and clarify a point. > > TUF can be used exactly with a one-key-per-devel model. (If fact, see our > CCS 10 paper on this for details.) > It's possible to revoke keys and have split keys, etc. but a "simple" > developer setup is just as simple as what you propose. Sorry I can't find this in the CCS10 document, but maybe it's just that I don't understand what you mean. The document talks about 1 key per role (ยง8.2), but there are still 4 roles that need to be implemented, as far as I can tell. Are you suggesting that a single developer only handles the target role, while the others are centrally handled by PyPI? -- Giovanni Bajo :: [email protected] Develer S.r.l. :: http://www.develer.com My Blog: http://giovanni.bajo.it
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
