On 2024-11-22 (Fri) 22:25:58+09:00, bawolff <[email protected]> wrote: > > Essentially they are just some metadata signed with a public key. The idea > is that the owner of the public key is responsible for verifying everything > is true. But we allow randoms to upload files so i don't think it makes > sense for us to sign these things.
Or even more so given that you have to pay a bunch of money to CAs. (because LE doesn't issue certs required for this stuff — S/MIME or 'Document Signing' certificates) In theory WMF has the resource to buy the certificate, but IMO that would be a gross waste of donor money. (Or if they demand each user purchase the certificate, that might quickly go useless for our use case. I didn't read the docs beyond the 'you need to purchase' part.) -- ---- revi | 레비 (IPA: lɛbi) - https://revi.xyz - he/him <https://revi.xyz/pronoun-is/> - What time is it in my timezone? <https://issuetracker.revi.xyz/u/time> - OpenPGP <https://revi.xyz/pgp/> - In this Korean name <https://en.wikipedia.org/wiki/Korean_name>, the family name is Hong <https://en.wikipedia.org/wiki/Hong_(Korean_surname)>, which makes my name HONG Yongmin. - My texts (excluding quotes marked with `>`) to public mailing lists are licensed under CC BY ND 2.0 KR <https://creativecommons.org/licenses/by-nd/2.0/kr/>. - I reply when my time permits. Don't feel pressured to reply ASAP; take your time and respond at your schedule. _______________________________________________ Wikitech-l mailing list -- [email protected] To unsubscribe send an email to [email protected] https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
