Re: adding gpg to src/gnu/dist

From: Love (lhastacken.kth.se)
Date: Fri May 14 2004 - 11:53:50 CDT


Marc Tooley <netbsdMLpostNOSPAM.quake.ca> writes:

> Wouldn't a web-of-trust be a more reliable source of public key
> information than a top-down hierarchy? I can be "more" sure that the
> NetBSD public key is the real public key if a bunch of trusted,
> intelligent friends also think it's the right public key.

I'm sure we can get your trusted intelligent friends to sign the
CA-certificate file with their pgp keys once they have made sure it's the
right certificate.

> I'd like to avoid being snaggled one afternoon downloading some new
> packages that are signed by a key I thought was genuine.

That's why you use an attribute in the x509 certificate (called extended
key usage) that marks the certificate as a code signing certificate approved
by the CA.

Love
