> The Freenet client would obviously need to contain a 'freenet developers' > public key. Or better, it could contain a key for each developer > individually. This protects the user against a 'rogue developer', because > the user would expect to see a list of developers vouching for the > software. If there was an argument on Slashdot between the developers, > for example, then the user would read and consider the developers' points > of view, and be able to make their own decision about whose signature to > trust. > We do have an official Freenet GPG key that is (supposed to be) signed by all the core developers. I plan on signing all official software with it, as well as inserting the key and signed software in freenet under an official Freenet SVK subspace.
-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20000812/6786acda/attachment.pgp>
