But in order to sign the files, the public key for the signature would have to be posted somewhere! Perhaps the author's profile page would be a good place to put that, the author could password protect this page? But if we do that, why not simply put the MD5 hashes on the author's profile page instead?
-Martin --- On Mon, 9/22/08, Christophe David <[EMAIL PROTECTED]> wrote: > From: Christophe David <[EMAIL PROTECTED]> > Subject: Re: [pmwiki-users] Infected Cookbook Recipes? > To: "Hans" <[EMAIL PROTECTED]> > Cc: "PmWiki Users" <pmwiki-users@pmichaud.com> > Date: Monday, September 22, 2008, 9:12 AM > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > But it is quite a bit of extra work, and it forces a > user to install > > GPG in order to use the recipe. > > No: the user gets a .zip file containing the recipe that > can be used > directly. If *and only if* he wants to validate it, he can > use GPG. > > The developer would just upload a zip file instead of a php > file. > > Many files are already distributed on the internet with a > signature > file: look for example at PasswordSafe on > > http://sourceforge.net/project/showfiles.php?group_id=41019&package_id=33169&release_id=623132 > > http://passwordsafe.sourceforge.net/ > > Each file is supplied with a signature. > > Christophe > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFI15nKyu9YWMK6LU8RAvjoAJ0RYYZ6bx1Vem3XWcwvitcUDttv4wCggaxR > JmuczuYKnBa2whdQjG0d7yY= > =A/sn > -----END PGP SIGNATURE----- > > _______________________________________________ > pmwiki-users mailing list > pmwiki-users@pmichaud.com > http://www.pmichaud.com/mailman/listinfo/pmwiki-users _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users