On Wednesday 27 June 2012 20:37, AL13N wrote: > if RH and Canonical both had worked together with some independant entity > (like cacert.org ) it could've been handled alot better.
RedHat explored that idea and turned it down, because no one was viling to do it, and doing it them selves was hugely expensive. http://mjg59.dreamwidth.org/12368.html === "An alternative was producing some sort of overall Linux key. It turns out that this is also difficult, since it would mean finding an entity who was willing to take responsibility for managing signing or key distribution. That means having the ability to keep the root key absolutely secure and perform adequate validation of people asking for signing. That's expensive. Like millions of dollars expensive. It would also take a lot of time to set up, and that's not really time we had. And, finally, nobody was jumping at the opportunity to volunteer. So no generic Linux key." === -- Johnny A. Solbu PGP key ID: 0xFA687324
signature.asc
Description: This is a digitally signed message part.
