1 |
On Fri, Mar 25, 2011 at 6:11 AM, Peter Volkov wrote: |
2 |
> ÷ þÔ×, 24/03/2011 × 17:59 -0400, Mike Frysinger ÐÉÛÅÔ: |
3 |
>> is there any reason we should allow people to commit unsigned |
4 |
>> Manifest's anymore ? |
5 |
> |
6 |
> Why? Without policy on how we do that and more importantly how we check |
7 |
> that signing makes no sense... |
8 |
|
9 |
so you want to wait until we have a 100% fully automated checking |
10 |
system in place before even attempting the first 1% ? that doesnt |
11 |
make much sense ... you have to start somewhere. |
12 |
|
13 |
there's also nothing stopping people from verifying packages right now |
14 |
by picking some keys to trust. i can certainly verify a lot of |
15 |
packages by following the web of trust that starts at my key. |
16 |
-mike |