Do we have to make things so complex?
Cheers,
Nicholas
Just my two pence worth ;)
Trust me,
there's plenty of time before this could go ahead. Setup.exe has core
model changes needed to support it.
I'd give two quid if setup.exe would compile properly with
g++-3.2!
Cheers,
Nicholas
On Mon, 2002-09-23 at 21:54, Lapo Luchini wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I was thinking abut it (again)... but a little search avoided me a
duplicate proposal... So I will answer to latest messages I can find
about it, as I'm very interested in the thing.
- From
Lets start with setup.exe: Should we embed a key in it?
A: No.
We should not embed a key in it, because that forces all packages to be
signed by one and only one matching key.
Or by any key that is directly (or indirectly) signed by that key...
So, you say 'well, how do we get a list of
I think, if this key thing goes ahead, somebody is going to
have to come up with a *very* detailed method of getting a
key and signing things with regards to cygwin stuff. Making
a package for cygwin _is_ not easy for people who grew up
in windows. I'm sure it's put lot's of people off
On Wed, 2002-09-25 at 23:18, Lapo Luchini wrote:
2) cygwin has a implicitly trusted key, whose private key is used by
CGF, Corinna, or any central cygwin trusted member
I don't think we want an implicitly trusted key. We do need a central
key of sorts, but that is different because the user
On Wed, 2002-09-25 at 23:36, Morrison, John wrote:
I think, if this key thing goes ahead, somebody is going to
have to come up with a *very* detailed method of getting a
key and signing things with regards to cygwin stuff. Making
a package for cygwin _is_ not easy for people who grew up
in
I don't think we want an implicitly trusted key. We do need a central
key of sorts, but that is different because the user must choose to
trust it.
I meant implicitly for cygwin people, not implicit for the final user =)
I'm trying to avoid devaluing the web of trust, while still keeping what