No, they don't have to give their private key out to do so. They can
all sign without risking losing the security of the key.
Comrade Ringo Kamens
On 6/21/07, Benjamin Schieder <[EMAIL PROTECTED]> wrote:
On 21.06.2007 14:38:37, Ringo Kamens wrote:
> There are already several CDs like this such as RockAte, anonym.os,
> etc. It would be nice if the developers could sign the release so we
> could verify the authenticity of the Tor copies.
Signatures are meaningless if they're on the same physical computer. Anyone
compromising the server hosting both will easily change both.
Greetings,
Benjamin
--
Benjamin 'blindCoder' Schieder
Registered Linux User #289529: http://counter.li.org
finger [EMAIL PROTECTED] | gpg --import
--
http://www.rocklinux.org/ The Distribution Build Kit
