> This is a Microsoft scare tactic, there's no reason not to trust > software if you are confident of where you got it. You can eat food > from state certified restaurants and get sick, or eat at a neighbor's > house and feel great. (I'd even argue the latter is safer.) >
Dare I note that both sourceforge.net and vim.org are not offered over https? Without that, there's no way to know whether I'm eating at a mockup of my neighbor's house or at the house itself. > So I'd love to see the point made using Free Software and not > requiring license fees or key hosting by whatever corporation. (Unless > the case is being made that only state sponsored food should be > allowed.) > > > Cream distro -- well, that one suffers from the same problem. I'd > > prefer to use the vim.org/Bram build of Vim if I can, since I can be > > sure it is fully up to date and doesn't have janky personal > > customizations and patches. > > You obviously don't get the point of Free Software. :) Hey, enough with the hate, suffixed with smiley faces as it is. Anything prefaced with the phase "I prefer" surely is meant only in a personal manner. More power to you for creating and maintaining Cream. It's not _my_ preference. > > Why does it take funds? Because not everyone can be a certificate > > authority. There is a chain of trust that originates in the set of > > root certificates installed on everyone's machines, and self-signed > > certs must be manually added on every machine that wants to trust > > that author is who he or she claims they are. > > It only takes funds because the crooks that are trying to scare > everyone into a fully sponsored "security solutions" need money to > survive. Root of trust, distribution of keys, revocation, and the other associated issues with a global PKI are real problems. In a free software context, see the hack on kernel.org and GNU savannah... http://blog.sucuri.net/2010/11/savannah-gnu-org-hacked-and-currently-offline.html https://www.linuxfoundation.org/news-media/blogs/browse/2011/08/cracking-kernelorg Digitally signing the binaries wouldn't have eliminated either of these problems, but would have made cleaning up after them quite a bit easier. Philip -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php
