On 10/29/07, Niclas Hedhman [EMAIL PROTECTED] wrote:
On Sunday 28 October 2007 23:15, Erik Abele wrote:
As BenL always says: I don't give a shit about some random document,
that could be faked anyway. All I care about is the email address
connected to the key I intend to sign - is it really
On 29.10.2007, at 03:13, Niclas Hedhman wrote:
On Sunday 28 October 2007 23:15, Erik Abele wrote:
As BenL always says: I don't give a shit about some random document,
that could be faked anyway. All I care about is the email address
connected to the key I intend to sign - is it really the
On 29.10.2007, at 13:49, Robert Burrell Donkin wrote:
...
IMO this needs to be done at the protocol level to gain the required
security (rather than just the appearance of security). if there's
anyone around who's active on HTTP standards then now would be a great
time to jump in...
And back
On 29/10/2007, Erik Abele [EMAIL PROTECTED] wrote:
On 29.10.2007, at 03:13, Niclas Hedhman wrote:
On Sunday 28 October 2007 23:15, Erik Abele wrote:
As BenL always says: I don't give a shit about some random document,
that could be faked anyway. All I care about is the email address
-Original Message-
From: sebb [mailto:[EMAIL PROTECTED]
Even if you can't establish a trust path, the PGP signature gives a
bit more assurance than a hash. The KEY file should be in SVN, so you
can ensure that the person that added the key to the KEY file was at
least a committer
On Monday 29 October 2007 21:26, Erik Abele wrote:
The process on the above page is beyond most users'
imagination.
As said, they probably don't even care otherwise they would know...
I rest my case; If I don't care about routing tables in TCP/IP stacks, I don't
need Internet, right?
On 29.10.2007, at 16:02, Niclas Hedhman wrote:
On Monday 29 October 2007 21:26, Erik Abele wrote:
The process on the above page is beyond most users'
imagination.
As said, they probably don't even care otherwise they would know...
I rest my case; If I don't care about routing tables in
On 29/10/2007, Gilles Scokart [EMAIL PROTECTED] wrote:
-Original Message-
From: sebb [mailto:[EMAIL PROTECTED]
Even if you can't establish a trust path, the PGP signature gives a
bit more assurance than a hash. The KEY file should be in SVN, so you
can ensure that the person
On 10/29/07, Erik Abele [EMAIL PROTECTED] wrote:
On 29.10.2007, at 16:02, Niclas Hedhman wrote:
snip
Asking me to do something about it, is also asking at the wrong
end, since I
am a newbie at the topic and barely trust myself getting anything
right.
Well, that's the way we operate -
On Sunday 28 October 2007 06:24, Noel J. Bergman wrote:
Perhaps
we should add some information on getting into the Web of Trust, although
that is really a general committer item, not Incubator specific.
I am not very security fluent, and perhaps someone could explain to me;
What is the
On 28.10.2007, at 08:57, Niclas Hedhman wrote:
On Sunday 28 October 2007 06:24, Noel J. Bergman wrote:
Perhaps
we should add some information on getting into the Web of Trust,
although
that is really a general committer item, not Incubator specific.
I am not very security fluent, and
On 10/28/07, Erik Abele [EMAIL PROTECTED] wrote:
On 28.10.2007, at 08:57, Niclas Hedhman wrote:
snip
as well as tooling support for verifications.
http://httpd.apache.org/dev/verification.html
IMHO verification is too important to be left to users. perhaps HTTP
could be extended by a 3xx
Hi,
Some background on the web of trust (wot) that ASF uses for signers
of code releases is at http://en.wikipedia.org/wiki/Web_of_trust
You correctly point out that the icla is a binding document in which
the party signing the document grants certain intellectual property
rights to the
On Sunday 28 October 2007 23:15, Erik Abele wrote:
As BenL always says: I don't give a shit about some random document,
that could be faked anyway. All I care about is the email address
connected to the key I intend to sign - is it really the address of
the person in question?.
Ok, and
14 matches
Mail list logo