On Wed, 18 Apr 2007 07:39:22 +0400 Kirill S. Palagin wrote: > > -----Original Message----- > > From: news [mailto:[EMAIL PROTECTED] On Behalf Of NoOp > > Sent: Wednesday, April 18, 2007 3:02 AM > > > > However, the problem, as I see it, would be that every mirror > > would then also require a CA. > > We need to sign our code, not validate the server providing download, > so mirrors do not need certs (in the same way as Firefox and > Thunderbird installers are signed). >
An example of how secure FOSS code can be: http://lwn.net/Articles/57135/ All you need do then is ensure that you have a good mirror. Trouble is it still doesn't stop Vista complaining. -- Michael Linux: The OS people choose without $200,000,000 of persuasion. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
