On Thu, Nov 14, 2002 at 06:02:48PM -0800, Scott Miller wrote: > If you guys want to be super paranoid about this, we can use a > secret-sharing scheme or just multiple signatures, but store the private > keys on physical security tokens (such as http://www.ibutton.com).
That wouldn't prevent someone from tricking a developer or developers into signing a modified jar. Ian. -- Ian Clarke ian@[freenetproject.org|locut.us|cematics.com] Latest Project http://cematics.com/kanzi Personal Homepage http://locut.us/
msg05435/pgp00000.pgp
Description: PGP signature
