Time to resurrect multi-key signatures in RPM?

Bojan Smojver bojan at rexursive.com
Thu Aug 28 11:15:20 UTC 2008


On Thu, 2008-08-28 at 12:48 +0200, Nils Philippsen wrote:

> I don't know if they do that at all or with everybody, in fact I'm
> pretty sure they will accept the IDs at face value. Maybe they verify
> old documents that don't have all the gizmos that make the ID hard to
> fake today. I just wanted to point out that they can do that.

Yeah, it's like customs. You can scrape by, but if they do cross-check,
you're history if you have nasties in your bag :-)

> All this doesn't help much if somebody manages to feed the process with
> corrupt data in the beginning

I think I mentioned already that such a thing would be (obviously)
beyond the scope of this.

But look, it is obvious that we (and by this I mean myself and the
majority of people in the thread) have fundamentally contradicting views
about this, so let's agree to disagree, OK? I don't want to drag this
forever.

Consider my proposal withdrawn.

-- 
Bojan




More information about the devel mailing list