Re: Please sign software with GnuPG
- From: Tor Lillqvist <tml iki fi>
- To: Per Tunedal <pt radvis nu>
- Cc: gtk-devel-list gnome org
- Subject: Re: Please sign software with GnuPG
- Date: Sun, 3 Nov 2002 14:13:07 +0000
> it would be fine if you used a secure model for distributing software
> as there is an increasing problem with trojans in hacked versions of
> free software.
I am not a security expert, but:
It hardly is of much use if I do that when the sources for most of my
porting effors (the CVS repository at cvs.gnome.org, using normal
weakly-authenticated (?) pserver CVS access) is not cryptographically
signed or highly secure? I won't notice if somebody hacks into there
and plants trojans.
I.e. the security implementation should cover more phases, not just
what I compile and build on my machine and put up for downloading.
] [Thread Prev