|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: adding gpg to src/gnu/dist
From: Marc Tooley (netbsdMLpostNO
SPAM.quake.ca)
Date: Fri May 14 2004 - 11:40:13 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thursday 13 May 2004 08:25, Thor Lancelot Simon wrote:
>
> For example, in the extensive list of gpg command-line invocations
> for which you asked for equivalents, quite a few of them are
> associated with web-of-trust management. But (for this purpose)
> we don't have a web of trust; we have a trust hierarchy. This
> means that a huge amount of the functionality in GPG is superfluous,
> whatever one thinks of how it's implemented.
Wouldn't a web-of-trust be a more reliable source of public key
information than a top-down hierarchy? I can be "more" sure that the
NetBSD public key is the real public key if a bunch of trusted,
intelligent friends also think it's the right public key.
I'd like to avoid being snaggled one afternoon downloading some new
packages that are signed by a key I thought was genuine.
Or am I missing something?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]