On Wed, Feb 03, 2010 at 09:32:12PM +0300, Lex Rivera wrote:
> On 03/02/10 19:10, Florian Friesdorf wrote:
> >
> > What about a peer trust network? Publishing packages on the AUR would
> > involve giving a PGP public key. People sign their PKGBUILDs using
> > their private key. People can define trust relationships towards other
> > people ("I trust this person to write good PKGBUILDs" and "I trust this
> > person's trust in others"). Being a TU would mean to be signed by the
> > TU-Authority (or whatever) and trusting the TU authority's trust would
> > mean you can install packages that are created by TUs.
>
> Peer trust network? Isn't that too hard for an ordinary user? Download
> key, import it, set trust level... If there will be some list of
> "Checked Users" this will be easier and friendlier. But peer trust net
> is a nice idea anyway.

yaourt could ship with the TU-Auth's public key and its default
configuration could be to trust packages by people that are signed by
the TU-Auth. Key management should further be integrated into yaourt (or
the like).

-- 
Florian Friesdorf <[email protected]>
  GPG FPR: EA5C F2B4 FBBB BA65 3DCD E8ED 82A1 6522 4A1F 4367
Jabber/XMPP: [email protected]
OTR FPR: 9E191746 213321FE C896B37D 24B118C0 31785700
IRC: chaoflow on freenode,ircnet,blafasel,OFTC
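Added example, not part of the thread and not yaourt or AUR code: a small model of the trust decision the proposal describes, with "writes good PKGBUILDs" and "trust in others' trust" as separate statements and a hop limit on delegation. The hop limit, all key names and the data are constructed assumptions, and signature verification is assumed to happen elsewhere (for example in GnuPG).

```python
from collections import deque

TU_AUTH = "TU-Auth"  # constructed id for the proposed TU-Authority key

def accepted_authors(author_trust, trust_in_trust, root, max_hops=1):
    """Return the keys whose PKGBUILDs `root` would install.

    author_trust[k]   -- keys that k signed as "writes good PKGBUILDs"
    trust_in_trust[k] -- keys whose trust statements k relies on
    max_hops          -- how far delegated trust is followed from root
    """
    accepted = set()
    seen = {root}
    queue = deque([(root, 0)])
    while queue:
        key, hops = queue.popleft()
        accepted |= author_trust.get(key, set())
        if hops == max_hops:
            continue  # policy limit reached: do not delegate further
        for introducer in trust_in_trust.get(key, set()):
            if introducer not in seen:  # also guards against trust cycles
                seen.add(introducer)
                queue.append((introducer, hops + 1))
    return accepted

def may_install(pkg, accepted):
    """pkg has 'signer' and 'sig_ok' (outcome of an external PGP check)."""
    return pkg["sig_ok"] and pkg["signer"] in accepted

# Constructed sample data. The default configuration from the reply above:
# the user ("me") trusts TU-Auth's trust and nothing else by delegation.
AUTHOR_TRUST = {
    TU_AUTH: {"tu-alice", "tu-bob"},  # TU-Auth signed these TUs
    "tu-alice": {"aur-carol"},        # a TU vouching for an AUR user
    "me": {"aur-dave"},               # the user's own direct trust
}
TRUST_IN_TRUST = {"me": {TU_AUTH}, TU_AUTH: {"tu-alice"}}

if __name__ == "__main__":
    for hops in (0, 1, 2):
        ok = accepted_authors(AUTHOR_TRUST, TRUST_IN_TRUST, "me", hops)
        print(hops, sorted(ok))
```

With `max_hops=1` only TUs and directly trusted authors are accepted; raising it lets a TU's own vouching extend the set, which is the policy choice a "Checked Users" list would hide from the user.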
