1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
On Thursday 08 January 2004 08:12, John Nilsson wrote: |
5 |
> > Uh, how silly. Either you trust someone with the whole tree or you |
6 |
> > don't trust them at all. |
7 |
> |
8 |
> Why not build something around a "web of trust" with pgp signatures? |
9 |
> Have an open tree where people could submit anything that passed |
10 |
> autotests. All submisions would be signed. Signed content could only |
11 |
> get updated buy user with same signature or dev with higher trust for |
12 |
> that area. |
13 |
|
14 |
This does not help at all for initial submissions. It allows anyone who |
15 |
knows how to create a pgp key to get something in the tree. However if |
16 |
you make some nuances to this idea, I think it could be workable. |
17 |
|
18 |
Paul |
19 |
|
20 |
- -- |
21 |
Paul de Vrieze |
22 |
Gentoo Developer |
23 |
Mail: pauldv@g.o |
24 |
Homepage: http://www.devrieze.net |
25 |
-----BEGIN PGP SIGNATURE----- |
26 |
Version: GnuPG v1.2.4 (GNU/Linux) |
27 |
|
28 |
iD8DBQE//SlbbKx5DBjWFdsRAmd/AKCrUJtoK0rAh45WfNOBuQQrGjYwhQCgyXnp |
29 |
8dvq60N2noGeWGygqoG9Rk0= |
30 |
=sVYb |
31 |
-----END PGP SIGNATURE----- |
32 |
|
33 |
|
34 |
-- |
35 |
gentoo-dev@g.o mailing list |