[EMAIL PROTECTED] writes: > I note as well that properly deploying release signing requires > more than script modification. For instance, one does need to > consider that the host to sign the releases might itself been > taken over and the implications of such a takeover.
For that part, signatures in the 'https:' site would help. Not that I'm making an issue of it, I've got OpenLDAP installations that I didn't verify against any signature right on this host. -- Hallvard
