Re: Packages and signatures
Quoting Manoj Srivastava (email@example.com):
> >>"Nicolás" == Nicolás Lichtmaier <firstname.lastname@example.org> writes:
> Nicolás> Yes, it's very reasonable (but all signatures should be
> Nicolás> from autobuilders, and no developer should be allowed to
> Nicolás> upload binaries, but that's another flamewar I won't start
> Nicolás> now =) ).
> You really think a signature by an automated process has any
> security significance whatsoever?
In the context of our discussions in Atlanta (CVS/make world et al.),
it would have the advantage that the package would be build in an clean
common environment and not on one of 500 different machines with 500
different configurations where nobody knows who broke in already.