On Wed, 20 Feb 2008, Jan Hauke Rahm wrote: > On Wed, Feb 20, 2008 at 01:56:05AM -0800, Don Armstrong wrote: > > Otherwise it's pretty much insta-buggy by design. > > Kind of, yes...
I think the other features are worthwhile enough to work around this, so I'd strongly suggest that this package have the key-uploading and other secret-key requiring bits disabled by default, with strong warnings about the security issues with uploading keys (and how they should be marked as untrusted keys before uploading) in whatever configuration file is used to actually enable them, as well as end-user documentation. [It may already do that; I've never used this plugin.] Don Armstrong -- If a nation values anything more than freedom, it will lose its freedom; and the irony of it is that if it is comfort or money it values more, it will lose that, too. -- W. Somerset Maugham http://www.donarmstrong.com http://rzlab.ucr.edu -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
