Re: Deskbar Applet, NewStuffManager, 2.16, Installing New Plug-Ins, AutoUpdate, etc.



You sign things with your own key and the server has a list of keys it
accepts things from. it removes your signature and signs your file
with it's own key. Afaik this is how Debian and etc manage package
uploads.

Just a thought - one mechanism is to require two signatures, or
mandatory review.  Suppose that Raphael and I are on the small list of
blessed "deskbar NewStuff gatekeepers" (and this list may differ from
the "epiphany NewStuff gatekeepers", for example).  I upload my signed
copy of foo, and Raphael uploads his signed copy of foo.  The server
verifies the two signatures, and that the two copies of foo are equal,
and then gives it the official seal.

Two orthogonal questions:
Does anyone already do this?
Is this a good idea?



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]