On Mon, 2002-07-15 at 12:23, Anthony Towns wrote: > On Mon, Jul 15, 2002 at 12:16:08PM +0200, Adrian 'Dagurashibanipal' von Bidder wrote: > > On Mon, 2002-07-15 at 11:45, Anthony Towns wrote: > > > On Mon, Jul 15, 2002 at 02:28:54AM -0700, Sean 'Shaleh' Perry wrote: > > > > gnupg itself is not really a requirement for most users it is there more > > > > because we developers need it for Debian itself. > > > Is this where we invite people to trojan your Debian mirror, and > > > demonstrate gpg's utility for the average Debian user, btw? > > Sorry to jump in here, but gpg is *not* useful in terms of pkg > > management for the average user as long as debs are not auto-checked on > > install by dpkg. > > Auto-checking by dpkg is overrated. Not sure what you mean here. IMHO the end-users should not even be required to care about pkg integrity beyound saying 'yes, this one pkg/key is trusted' once, but should be warned if an untrusted pkg is accidentally downloaded. Wouldn't this require all pkgs to be checked? [Yes, this issue has probably been beaten to death previously. Anybody has the link to the most recent discussion handy?] > > (And this in turn, of course, is not going to happen > > until a properly defined trust infrastructure is in place, probably with > > a 'Debian master key' or something like that.) > > It's in beta, and there was a thread just a few days ago pointing you > at the appropriate key and software to use. I just found the few mails in the 'wishlist for woody+1' thread recently. Was there some more discussion? (Probably I searched for all the wrong keywords...) cheers -- vbi -- secure email with gpg http://fortytwo.ch/gpg
Attachment:
signature.asc
Description: This is a digitally signed message part