Re: gsu (Was Re: More Political Stuff)

On Wed, Aug 30, 2000 at 05:41:39PM -0500, Geoff Reedy wrote:
> Of course there would still need to be some person/people who would have to
> audit every theme.  Also, each user would then have to be sure that their
> authentic, okay, safe theme file is up to date, otherwise they will get
> warnings that they probably won't understand or what to do about them when
> they try the newest theme posted to gtk.t.o  

If we just adopt a policy of digitally signing themes, then there is no need to
have a "safe theme" file on each machine. A user would download a theme, the
signature would be checked and if it was verified, the theme would install.

If the signature could not be checked because the user did not have the right
public key, they could download it from somewhere. This is exactly the same as
with PGP/GPG encrypted email -- if somebody does not have my public key they can
go to a key repository like and download it. RedHat uses similar
things for their rpms. 


Malcolm Tredinnick            email:
CommSecure Pty Ltd

PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]