-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Since freenet is open source, I would imagine that there are people who independently verify the validity of all builds by looking at the source and the diffs. I think that this is probably the only way to guarantee the validity of a build, and even with that it might not be 100%.
I think that gpg signing the builds would give us probably 90% confidence that the builds are good. The other 10% would be from these people looking at the source and reporting (like to slashdot) if there is a compromised build (where they see what appears to be malignant code and nobody "official" can sufficiently justify its presence). This is what most other security-related projects do (e.g. gpg, iip, etc.) AFAIK.

:GeckoX
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE92P3wSMrcfZpjDKERAoR6AKCS+3XmmzbDjFttVPWE0ltoB17wYQCgkBW+
5wMLp5FaaS+ocakzOO6aD9A=
=RufJ
-----END PGP SIGNATURE-----
