On Thu, 2004-11-04 at 23:45 +0100, Féliciano Matias wrote:
Le jeudi 04 novembre 2004 à 15:37 -0500, Peter Jones a écrit :
> Also note that those which are signed are currently signed by hand, and
> one thing people have been advocating is automatic signing. Automatic
> signing, I'll obviously argue, is a total loss.
What is a ssl server if it's not an automatic signing machine ?
Total loss...
That's completely ignoring the contexts of package distribution and the
policies put in place by current package update tools. None of them
trust packages *just* because they are fetched over SSL, nor do they
reject packages which aren't.
--
Peter