>>>>> On Fri, 7 Jul 2006 03:52:52 +0200, "A. Pagaltzis" <[EMAIL PROTECTED]> >>>>> said:
> * Adam Kennedy <[EMAIL PROTECTED]> [2006-07-07 03:25]: >> Andreas J. Koenig wrote: >> >>>>>>On Fri, 07 Jul 2006 10:02:00 +1000, Adam Kennedy <[EMAIL PROTECTED]> >> >>>>>>said: >> > >> (What would be marginally worth it is having PAUSE sign >> > >> distros. At least we can assure that the CPAN mirror >> > >> didn't tamper with the files, which I think is the most >> > >> likely "attack" on CPAN.) >> > >> > > Frankly, that's the best idea I've heard yet. >> > >> >What does it bring you more that the signed CHECKSUMS file? >> > >> >> That sounds more or less equivalent. Are they signed now? > And if so, by whom? It's a batch signing key. This doesn't bring you what a web of trust brings you but I never pretended it did. By the way, I liked your summary of the situation in your posting <[EMAIL PROTECTED]> and I wonder how we could promote the web of trust on CPAN which clearly is the only way forward. Maybe we need a perlish kind of building it. It's not perlish to show each other a passport and make sure that the image there matches the face. -- andreas
