| 1 |
On Thu, Nov 11, 2004 at 01:42:48PM -0500 or thereabouts, Molavi, Dariush wrote: |
| 2 |
> I've spent the past few days watching this drama unfold and kept quiet. Why do the developers feel like they have to bend over backwards over what one person feels is "enough"? Unless he's willing to pony up the time to implement a fix (and money, if the current rsync servers can't handle the load and need to be upgraded), I think that the developers all have the best interests of the community in mind, and that we should trust their judgement on the issue. |
| 3 |
|
| 4 |
We're not and we won't. There are a number of other folks not named Peter |
| 5 |
on this list who expressed an interest in a short-term solution that, |
| 6 |
considering the minimal risk associated with adding a signed file to our |
| 7 |
snapshots dir, makes it worthwhile to implement. |
| 8 |
|
| 9 |
The solution that Peter is requesting (generating hashes of files not |
| 10 |
already hashed and then signing all Manifests/hashes) is considerably more |
| 11 |
risky and is not something I will implement since we have a more robust, |
| 12 |
better solution in the works already. |
| 13 |
|
| 14 |
--kurt |
Archives