-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160
On Donnerstag, November 28, 2002, at 09:00 Uhr, Carsten Klapp wrote:
Hi David,
Hi Carsten
I like the idea of signature verification. Better safe now than sorry later.I am very glad to hear that, which makes me think about this even more. It was pointed out to me in channel, that gpg contains strong cryptography and might not be suited for every country therefore. I admit, that I did not think of this and I shall do my very best to research the matter. Even though I would like to have this security feature optional for now, I am sure we could try and move it to a mandatory status later.
I have a few concerns:Come to think about it, automatic signing is a bad idea. The whole idea behind the interactive signing process of gpg is to make sure, that the person signing the package or message is really the one the key belongs to, thus the password. It would be possible to either share the secret key between all members or simply provide a central location which has to be protected properly, for signing packages, info and patch files.
- Scripts on the server which automatically sign committed info and patch files wouldn't stop a hacker, no?
I also wonder how the users think about it, after all gpg signing would require additional programs to be installed maybe even additional modules for fink to use gpg properly.
So please, all of you voice your opinion and please excuse the cross post.
- -d
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)
iD8DBQE959JwiW/Ta/pxHPQRAyIxAJ0fee1GhTwqVFghpi3Dfvt6eQikqQCgxtd9
MJRKfzUoHZ9lLkUq56hPKKU=
=+zlf
-----END PGP SIGNATURE-----
-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
Fink-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/fink-devel
