We should be PGP signing releases, but IIRC Scott forgot the password of the release key he made.
Verisign (or their kin), OTOH, are not allowed anywhere close to my code. On Thu, 7 Jun 2001, Karsten Lentzsch wrote: > Hello - > > The current binary Freenet distributions contain an unsigned > freenet.jar. I'd recommend that one of the administrator signs > the JAR using a public key certificate verified by a CA. > > Otherwise, an evil party could modify the JAR, distribute > it on a "mirror", allowing it to do all kind of evil stuff. > > If we would use a JNLP (Java Web Start) enabled deployment, > the code would be automatically verified during startup. > As an alternative, users that have a Java Development Kit > could verify the code's data integrity, using the jarsigner tool. > > Karsten Lentzsch > > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://lists.freenetproject.org/mailman/listinfo/devl > 'DeCSS would be fine. Where is it?' 'Here,' Montag touched his head. 'Ah,' Granger smiled and nodded. Oskar Sandberg md98-osa at nada.kth.se _______________________________________________ Devl mailing list Devl at freenetproject.org http://lists.freenetproject.org/mailman/listinfo/devl
