-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 <<big cut>>
in the link i provided (http://www.debian.org/doc/manuals/securing-debian-howto/ch7.en.html), they said outright that the framework is there. the tools (all?) support it. The reason it is not in place is the policy. That is what they are waiting to implement. Right now, in order to be a debian developer you must have a gpg key signed by at least one other developer, and there is a complex web of trust being built. the faq has more info on this. it's only an idea, but it seems like a smart one. it is something to think about early, like the xml info, so that way when we decide to use it, we will have already thought about it and will have layed (laied?) the foundation for it. At least the person who built the binary can be verified. - -chris zubrzycki - - -- PGP public key: http://homepage.mac.com/beren/publickey.txt ID: 0xA2ABC070 Fingerprint: 26B0 BA6B A409 FA83 42B3 1688 FBF9 8232 A2AB C070 ======================================================== "Twice blessed is help unlooked for." --Tolkien -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (Darwin) Comment: For info see http://www.gnupg.org iD8DBQE8rUUv+/mCMqKrwHARAl7fAKCK22TnDc9ax7SJsa2PX6yABEvG8ACgqWly bKfl7lYxF58f4InVZBHnPbo= =VT57 -----END PGP SIGNATURE----- _______________________________________________ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel