Re: gsu (Was Re: More Political Stuff)



On Thu, 31 Aug 2000, Sean Middleditch wrote:

> OK Then.  Well, ok, about Themes again then, why can't we use those to
> ensure safety of themes?  I special file like 'key' or something that's
> made a signature with a hash of the theme file tree and contents, or
> whatnot...
> 
> Then perhaps store a list of entrusted keys.  If a theme is selected to
> run that has never been used before, check the key.  Give a warning if
> there is no key.  Otherwise, check the OK keys list.  If the signature
> doesn't match, then a give a warning.  Possibly, for unknown signatures,
> have a secured way of storing information like name or something, or
> perhaps an on-line database, to look up and see who the key belongs to,
> if its valid, etc.

That's fine, but it requires someone to put a stamp on it and say 'I trust
this theme'.  And we have to trust them.  and the fact that they are who
they say they are(although, nicely, in this situation we don't actually
care who they are).  See my initial comment about trust networks.

njh






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]