Nigel Tao wrote: >> > You mean running untrusted code from the Web? >> >> Nigel said it would be possible to secure it a bit using GPG keys. >> Maybe this kind of signing should be made a requirement. > > Well, should signing be necessary and/or sufficient, and who makes > that decision?
I'm not really aware of the gpg stuff, but I've heard of debian developpers signing packages this way, relying on the thrust level of the key. Someone to confirm/say I'm a big liar ? I don't know if it's really possible or secure, but what about rating the thrustfulness of a plugin based on the amount of gnome people that signed its key ? This is just an idea, maybe I'm on crack _______________________________________________ desktop-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/desktop-devel-list
