----- Original Message ----- From: "Charles Wilson" <[EMAIL PROTECTED]> To: "Robert Collins" <[EMAIL PROTECTED]> Sent: Thursday, July 11, 2002 10:17 AM Subject: Re: unofficial packages
> Robert Collins wrote: > > Yes, this requires documenting who maintains packges, but it doesn't have to > > be easily available to end users (i.e. the user interface doesn't have to > > expose it). > > > Hmmm...so *setup* would have to know who maintains what, as far as > official packages go. Now, this can't be compiled-into the executable; > it has to be distributed from the mirrors. Are you thinking encryption? > 'cause that's pointless -- the decryption key has to be bound into > setup.exe; thus, available from setup's sources. No, I'm think it's part of the setup.bz2 file. It's not like folk need to read that themselves, and as you say, cygwin-announce already documents every maintainer. And we could do something like: Give every official maintainer an @cygwin.com address, and those addresses point straight into [EMAIL PROTECTED] for maintainers that object to private mail. This means that: gpg can validate [EMAIL PROTECTED] on the key chain. No one knows your personal email. Thoughts? Rob
