We have a project freesite. This is established using revocable SSKs - essentially, it checks a list of keys where revocation certs might have been inserted, before granting access to the site. The site includes both source and binaries, and we offer automatic updates (possibly from source, as it may be easier to secure).
A pool of humans watch the CVS list, checking for anything unreasonable. That would be the developers. A pool of bots run by trusted humans watch the CVS list, and cross-check it against the actual SVN updates. If the two are inconsistent, they complain. They also fetch the source from the official freesite, and check that against the actual SVN of the relevant time. If that fails to match, some of them have the ability to insert a revocation certificate. Several of the devs also have the ability to insert a revocation certificate. -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20051208/e2e511ca/attachment.pgp>
