On Tue, 2009-02-24 at 10:29 -0500, Scott Williams wrote: As for signing with a software GPG key, I think it's fine in principle. However, to ensure it does not get compromised, I think the key itself should be passphrase encrypted, so that if even your system is compromised, the key itself is protected. In fact, if it's encrypted, then you can even technically send out copies of the encrypted key for safe keeping, as long as only you know the passphrase. That last part may be a little out there, though. ;) As for the build system, unfortunately, I don't have a lot of experience with such things. I think if we don't get it up now, it'll be a lot harder to get it going in the future, and, if I'm not mistaken, it would save us a lot of time in the long run - build systems make these kinds of things a lot easier, I think. By the way, any word from FAB? Domain name, etc.? ________________________________________________________________________ Basil Mohamed Gohar abu_hurayrah(a)hidayahonline.org www.basilgohar.com