On Tuesday 16 December 2008 00:24, Florent Daigni?re wrote: > > > > > > > > > > I'm not arguing we should invest $ into getting a signed certificate. I > > > > > am sure we have professional developers here who do have a valid, > > > > > trusted certificate. > > > > > > > > Whom we can trust? Such as? > > > > > > I don't think it's a matter of trust here; well, I don't know; I do have > > > one for instance and I'm sure we could find others if we asked. > > > > > > Would anyone reading this mailing list volunteer to build and sign one > > > of our installers? > > > > IMHO it is a matter of trust as much as anything. > > It shouldn't be up to us trusting someone: it's the user's > responsibility to trust or not the guy who packaged the installer he is > going to use. That's why we introduce a 3rd party here! > > In case of debian you trust the packager for being honest; he doesn't > even have to be endorsed by upstream.
No. We provide binaries so WE decide who to trust. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20081216/080586dc/attachment.pgp>
