On 2003-09-23 at 11:26, Tracy R Reed wrote: > And if the key is compromised and a trojan build put in place? > > Those trust issues. > > They need revokable keys so that then the compromise is detected they can > prevent people from downloading the bad build. The implications of a > privacy compromise due to a trojan'd freenet build are pretty serious.
Right now freenet is most commonly downloaded from a non-secure site, just authenticated by a non-secure DNS lookup. Most people use the precompiled jar file, and even the source-compiled one fetches binary stuff to put in the jar. It is even encouraged to "spread freenet", which means downloading off of temporary sites. /Benny _______________________________________________ Devl mailing list [EMAIL PROTECTED] http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
