On Aug 4, 2008, at 2:06 PM, [EMAIL PROTECTED] wrote: > [EMAIL PROTECTED] writes: >> I note as well that properly deploying release signing requires >> more than script modification. For instance, one does need to >> consider that the host to sign the releases might itself been >> taken over and the implications of such a takeover. > > For that part, signatures in the 'https:' site would help.
I think you need to re-think that assertion. > Not that I'm making an issue of it, I've got OpenLDAP installations > that I didn't verify against any signature right on this host. > > -- > Hallvard > >
