| 1 |
On Fri, Mar 25, 2011 at 6:11 AM, Peter Volkov wrote: |
| 2 |
> ÷ þÔ×, 24/03/2011 × 17:59 -0400, Mike Frysinger ÐÉÛÅÔ: |
| 3 |
>> is there any reason we should allow people to commit unsigned |
| 4 |
>> Manifest's anymore ? |
| 5 |
> |
| 6 |
> Why? Without policy on how we do that and more importantly how we check |
| 7 |
> that signing makes no sense... |
| 8 |
|
| 9 |
so you want to wait until we have a 100% fully automated checking |
| 10 |
system in place before even attempting the first 1% ? that doesnt |
| 11 |
make much sense ... you have to start somewhere. |
| 12 |
|
| 13 |
there's also nothing stopping people from verifying packages right now |
| 14 |
by picking some keys to trust. i can certainly verify a lot of |
| 15 |
packages by following the web of trust that starts at my key. |
| 16 |
-mike |
Archives