On Thu, 14 Nov 2002, Matthew Toseland wrote:
> For getting the latest build? Please explain to me how we are supposed
> to keep a single SSK private key secure for all eternity?

The same way you keep your PGP key secure. Don't Share.

I'd suggest Web-of-Trust. Either internal to freenet or using PGP keyservers.

Sign a .JAR with a short-expiration key (on the order of weeks or months)
Sign that key with Ian's key. (Cross signed with Oskar, Matthew, etc)

Now we have a distribution key, known to one person (The "distribution officer") with a short duration.

It's not perfect (losing Ian breaks it) but we're not completely dependent on the security AND availability of fp.o.

--Dan
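The scheme proposed in this message, as an added sketch that is not part of the original post or of Freenet's code: long-term keys endorse a short-lived distribution key, which in turn signs the JAR, and a client accepts a release if any key it has pinned vouches for an unexpired distribution key. Lamport one-time hash signatures stand in for PGP so the block runs on the Python standard library alone; the function names, the certificate layout and the sample data are assumptions.

```python
import hashlib, os

def H(b): return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key: 256 secret pairs; the public key is their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, b"".join(H(a) + H(b) for a, b in sk)

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return b"".join(sk[i][b] for i, b in enumerate(bits(msg)))

def verify(pk, msg, sig):
    if len(pk) != 256 * 64 or len(sig) != 256 * 32:
        return False
    return all(H(sig[32*i:32*i+32]) == pk[64*i+32*b:64*i+32*b+32]
               for i, b in enumerate(bits(msg)))

def cert_body(dist_pk, not_after):
    # What a long-term key endorses: the distribution key and its expiry.
    return b"dist-key|" + H(dist_pk) + b"|" + str(int(not_after)).encode()

def verify_release(jar, jar_sig, dist_pk, not_after, endorsements, pinned, now):
    """endorsements: {signer: sig over cert_body}; pinned: {signer: long-term pk}."""
    if now > not_after:
        return False                      # short-lived key has expired
    body = cert_body(dist_pk, not_after)
    if not any(s in pinned and verify(pinned[s], body, sig)
               for s, sig in endorsements.items()):
        return False                      # no pinned long-term key vouches for it
    return verify(dist_pk, jar, jar_sig)  # finally, the JAR itself

def demo():
    # Constructed sample data: two long-term keys, one 30-day distribution key.
    now, exp = 1_000_000, 1_000_000 + 30 * 86400
    (ian_sk, _), (oskar_sk, oskar_pk), (dist_sk, dist_pk) = keygen(), keygen(), keygen()
    ends = {s: sign(k, cert_body(dist_pk, exp)) for s, k in (("ian", ian_sk), ("oskar", oskar_sk))}
    jar = b"constructed stand-in for a release JAR"
    sig = sign(dist_sk, jar)
    pinned = {"oskar": oskar_pk}          # client that lacks Ian's key
    check = lambda j, e, t: verify_release(j, sig, dist_pk, e, ends, pinned, t)
    return {"fresh": check(jar, exp, now),              # cross-signature suffices
            "expired": check(jar, exp, exp + 1),        # past the key's lifetime
            "tampered": check(jar + b"!", exp, now),    # JAR bytes changed
            "extended": check(jar, exp + 86400, exp + 1)}  # expiry field forged
```

Because the expiry is inside the endorsed body, a stolen distribution key cannot have its lifetime stretched without a new endorsement from a long-term key.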
