|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: adding gpg to src/gnu/dist
From: der Mouse (mouse
Rodents.Montreal.QC.CA)
Date: Mon May 17 2004 - 13:09:00 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>>> [...nbsvtool...gnupg...]
>> [...nbsvtool...gnupg...]
> [...nbsvtool...gnupg...]
I have a suggestion which may be heretical, but seems reasonable to me:
why not sign things with GPG, PGP, nbsvtool, and whatever other forms
of sigature we think have wide enough acceptance to be worth using?
(S/MIME, maybe?) The nbsvtool (or whatever) signatures can be checked
by the NetBSD tools, with any of them checkable by humans who want to
make sure they've got a clean distribution when they have it on some
other (non-NetBSD) machine.
The truly paranoid, of course, will check them all, which is as it
should be; as someone pointed out, having more signatures cannot make
the file itself less secure - at most they can lead to a false sense of
security, and I don't think that's a danger when providing a half-dozen
different forms of signature over the same files.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouserodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]