On Thursday 03 April 2008 14:55:43 Patrick Lauer wrote: > >> But if you don't trust anyone there is no reason why you would even > >> try to interact with Gentoo. So at some point you will have to decide > >> to arbitrarily trust a few entities, be it devs or servers or > >> cryptographic keys ... > > > > Uh huh, which is what my original reply to Mike was all about. > > > > We're way ahead of you here... > > Or so you think. > > So now that you've tried to label me as a dimwit
I think you managed that quite well on your own. > we're past that stage and can now return to actually discussing the set of > issues and how to handle them, ja? The point of this subthread was that limiting developers' access to only the parts of the tree they are going to work on accomplishes nothing from a security point of view and only makes things harder when they occasionally need to do tree wide changes from any other point of view. There is no technical solution that can "fix" that. -- Bo Andresen Gentoo KDE Dev
signature.asc
Description: This is a digitally signed message part.
