
Re: Signing Packages.gz



On Sat, Apr 01, 2000 at 03:38:29PM +0200, Marcus Brinkmann wrote:
> I could not trust either. The former, because it is stored on a network
> connected machine, the latter because it is transferred over the net (if it
> is shared among the security team). Of course, if the security team use
> their personal key in the latter case, I can trust it.

Are you really sure that no developer stores their key on a net connected
machine?

Also, what's so fundamentally wrong with transferring a secret key over
the net? Hint: PGP does it every time you send an encrypted email.

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG encrypted mail preferred.

 ``The thing is: trying to be too generic is EVIL. It's stupid, it 
        results in slower code, and it results in more bugs.''
                                        -- Linus Torvalds
