On 8/4/06, Nigel Tao <[EMAIL PROTECTED]> wrote: > Just a thought - one mechanism is to require two signatures, or > mandatory review.
What exactly are you trying to stop again? I thought the point was to stop server cracking (note that many projects don't sign their source tarballs!). If this starts getting into reviewing code to check for evil, then this is something totally different and much harder. There's not much point in doing that, IMHO. Just give a bunch of trusted people access to the index file, and if somebody reports that a particular plugin has gone bad, yank it. thanks -mike _______________________________________________ desktop-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/desktop-devel-list
