-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/04/10 20:18, R P Herrold wrote: > On Fri, 9 Apr 2010, Carsten Krüger wrote: > >> Where is the problem? >> Signing could be easily integrated in build process. > > umm -- Signing requires unlocking the GnuPG key to get a human > set of eyes, and confirmation that all seems to be well into > the process > > -- an autosigning from a non-protected key cannot sensibly be > trusted, particularly with a process that has to run at some > point with root access rights >
Just to clarify here. We are talking about one particular situation here. This is for the openvpn-testing based drivers - meaning, the "unstable" development version, aimed for testing primarily and not production environments. In addition, this driver signing will only be relevant for Windows environments for now. kind regards, David Sommerseth -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAku/pvUACgkQDC186MBRfrpblQCgpyY+10vnfJXXWJSWvBCmCc2l GJAAoJ9748YGWt9r2HEzzB+QjMf89dKY =dumJ -----END PGP SIGNATURE-----
