| 1 |
> Uh, how silly. Either you trust someone with the whole tree or you don't |
| 2 |
> trust them at all. |
| 3 |
|
| 4 |
Why not build something around a "web of trust" with pgp signatures? Have an |
| 5 |
open tree where people could submit anything that passed autotests. All |
| 6 |
submisions would be signed. Signed content could only get updated buy user |
| 7 |
with same signature or dev with higher trust for that area. |
| 8 |
|
| 9 |
The choice of trust-level is then up to the sys-admin. |
| 10 |
|
| 11 |
This idea is a bit rough, but I think it could be intresting to build on. |
| 12 |
|
| 13 |
/John |
Archives