Re: Please sign software with GnuPG

 > it would be fine if you used a secure model for distributing software
 > as there is an increasing problem with trojans in hacked versions of
 > free software.

I am not a security expert, but:

It hardly is of much use if I do that when the sources for most of my
porting effors (the CVS repository at, using normal
weakly-authenticated (?) pserver CVS access) is not cryptographically
signed or highly secure? I won't notice if somebody hacks into there
and plants trojans.

I.e. the security implementation should cover more phases, not just
what I compile and build on my machine and put up for downloading.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]