1 |
On Thu, 6 Jun 2002, Alexander Holler wrote: |
2 |
|
3 |
> what do you think about signing the ebuilds and digests with gpg? |
4 |
|
5 |
Since there are multiple ebuild-providers (in contrast to a single one, |
6 |
ala official RedHat RPMs), you would need to develop a PKI. Once you say |
7 |
PKI, things get complicated quickly, and I do no think that the complexity |
8 |
required satisfies a current need. Simple digests as they are currently |
9 |
done is much better, IMO. |
10 |
|
11 |
-- |
12 |
Frank Tobin http://www.neverending.org/~ftobin/ |