Excuse me, but I'd like to join this thread only to ask something: is there a way to protect a resource in CVS? I mean it could be downloaded and even changed by someone who have a login to CVS, but not available to public anonymous CVS access.
well, we *could* ask for an avalon-private module. The asf has several modules only available for reading to select groups.
The problem is: I need to sign Avalon assemblies with a private key to give it a Strong Name [1] but I don't like to make this private/public key pair available to anyone who could download the code, change it ( mallicious intention ) and sign it as it was created by Avalon Team.
IIRC the assembly signing scheme sucks because there is no "web of trust" concept embedded. Our normal signing scheme using PGP works wonders because of it.
I don't really know a good way around this. I suggest you sign with your own private key and make the public key available like we do with the PGP keys.
cheers!
- Leo
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
