> As another problem, if we use keys for each maintainer, how do we make sure > none of the private keys will ever be compromised (carrying around on mobile > devices, tiresome typing of a passphrase, etc.)? I might be a little bit > paranoid on this, but we have to consider the weakest link here.
We already trust the port maintainers to not submit trojans in their ports. > It's not about the distribution on an external server, but in which way the > archive was created. Why can't maintainers offer their archives alongside the ones from MacPorts' MPAB?
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ macports-dev mailing list [email protected] http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev
