On 7/31/06, Steve Frécinaux <[EMAIL PROTECTED]> wrote: > Nigel Tao wrote: > >> > You mean running untrusted code from the Web? > >> > >> Nigel said it would be possible to secure it a bit using GPG keys. > >> Maybe this kind of signing should be made a requirement. > > > > Well, should signing be necessary and/or sufficient, and who makes > > that decision? > > I'm not really aware of the gpg stuff, but I've heard of debian > developpers signing packages this way, relying on the thrust level of > the key. Someone to confirm/say I'm a big liar ?
I assume you mean trust level, but yes, you are correct. It is called Secure Apt and the details of it can be seen here: http://wiki.debian.org/SecureApt Corey _______________________________________________ desktop-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/desktop-devel-list
