On Sat, 1 Apr 2000, Anthony Towns wrote:

> * the web of trust, and having the ftp-team sign it

The average user has no entry to the web of trust, so this is just as useless. (and massively involved for our poor end user)

> * putting a fingerprint on the website and in Debian books,
> and making it easy for people to verify said fingerprint

This is probably the only thing we can do.

> This key (or the private half thereof) wouldn't need to be anywhere near
> any public machines, either.

? The dinstall daily key has to be on master and have no password. The security key is kept by a handful of people on their local machines who are rather paranoid.

> Stick it on the ftp site, and use the web of trust. (If the secure-key that
> you currently have trusts it, then it's good. Either because it's an update
> of the old secure-key, or because it's an unstable-key).

The security key must never be obsoleted, it should last the lifetime of the project - anything else is too complicated for our users :|

> or so before gzipping anything.

I'd like a separate global index, that is much more useful really.

Jason

