Ciaran McCreesh wrote:
On Thu, 03 Apr 2008 14:44:45 +0200
Patrick Lauer <[EMAIL PROTECTED]> wrote:
and then, from that design space, select the option(s) that have the
best behaviour. If you get bored you can read the not-yet-GLEPs
robbat2 has written with the help of a few others, which would cut
out a large part of the discussion:
http://viewcvs.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/
Uh... Which signing system did you think we were discussing when we
started talking about signing the tree?
Well, now we agree that we talk about the same thing after only 4 email
pingpongs. That is quite fast!
But if you don't trust anyone there is no reason why you would even
try to interact with Gentoo. So at some point you will have to decide
to arbitrarily trust a few entities, be it devs or servers or
cryptographic keys ...
Uh huh, which is what my original reply to Mike was all about.
We're way ahead of you here...
Or so you think.
So now that you've tried to label me as a dimwit we're past that stage
and can now return to actually discussing the set of issues and how to
handle them, ja?
--
gentoo-dev@lists.gentoo.org mailing list
