> Can someone hack dinstall to install packages which are not PGP > signed but has been copied to incoming? If the UID of the files is > the one of a developer we can know who did upload the package.
No, because the upload queues also use known UIDs, but may allow everyone to upload. (BTW, the queues in Erlangen and open.hands.com require the files to be PGP-signed.) Roman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
