1 |
> Uh, how silly. Either you trust someone with the whole tree or you don't |
2 |
> trust them at all. |
3 |
|
4 |
Why not build something around a "web of trust" with pgp signatures? Have an |
5 |
open tree where people could submit anything that passed autotests. All |
6 |
submisions would be signed. Signed content could only get updated buy user |
7 |
with same signature or dev with higher trust for that area. |
8 |
|
9 |
The choice of trust-level is then up to the sys-admin. |
10 |
|
11 |
This idea is a bit rough, but I think it could be intresting to build on. |
12 |
|
13 |
/John |