At 15:00 Uhr -0500 28.11.2002, Carsten Klapp wrote:
Hi David,In fact automatic signing of packages would be completly useless. It would automatically sign hacked packages, too. And we would have to expose the private key on the server that does the automatic signing. A big no-no.
I like the idea of signature verification. Better safe now than sorry later.
I have a few concerns:
- Scripts on the server which automatically sign committed info and patch files wouldn't stop a hacker, no?
Max
--
-----------------------------------------------
Max Horn
Software Developer
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Fink-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/fink-devel
