On Wed, 2008-08-27 at 21:42 +0000, Bojan Smojver wrote:
> Les Mikesell <lesmikesell <at> gmail.com> writes:
> > But what if
> > it is the src rpm that is compromised so the builds will be identical
> > because they both contain the modification?
>
> That is not exactly the compromise of the build system and/or Fedora key, now is
> it? If your own contributors are subverting the system by uploading borked
> source, the multi-key system isn't going to help (and I never claimed that).
>
> For people that are not convinced of the usefulness of this (in principle), go
> to a bank and try to open an account. See if they'll be OK with you producing
> just one piece of ID.

Not to fan the flames, but last time they did just that :-). And I'm
pretty sure they'll do it again, possibly because the IDs in question
are very hard to fake.
Nils
--
Nils Philippsen      "Those who would give up Essential Liberty to purchase
Red Hat               a little Temporary Safety, deserve neither Liberty
nils(a)redhat.com     nor Safety."  --  Benjamin Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011