Re: [Gnu-arch-users] tla--devo--1.2 has preliminary gpg stuff
From: Robert Collins
Subject: Re: [Gnu-arch-users] tla--devo--1.2 has preliminary gpg stuff
Date: Sat, 27 Dec 2003 09:58:09 +1100
On Sat, 2003-12-27 at 06:55, Tom Lord wrote:
>
> At any rate, it should only be an error if the archive is a signed
> archive. Otherwise it should be at most a single warning that the
> archive is unsigned.
I think that that should be configurable in the long term - i.e.
--assume-signed-archive or some such - and retain the current behaviour
in the short term.
Otherwise, our conceptual attacker can simply remove
=meta-info/signed-archive, and turn a hard failure into a warning.
Rob
--
GPG key available at: <http://www.robertcollins.net/keys.txt>.
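
The downgrade described in this message, as an added example that is not part of the original post and is not tla code: a client that trusts only the in-archive marker can be pushed from a hard failure to a warning, while a local expectation cannot be edited by whoever serves the archive. Assumptions: the archive is modelled as a dict, the `.sig` file name is hypothetical, HMAC stands in for GPG verification, and `assume_signed` models the proposed `--assume-signed-archive` option.

```python
import hashlib
import hmac
from enum import Enum

MARKER = "=meta-info/signed-archive"  # marker path named in the message
KEY = b"constructed-demo-key"         # constructed; stand-in for the signer's key


class Verdict(Enum):
    OK = "ok"
    WARN = "warning: archive is unsigned"
    FAIL = "error: missing or bad signature"


def sign(data):
    """Stand-in for a detached GPG signature (HMAC, demo only)."""
    return hmac.new(KEY, data, hashlib.sha256).digest()


def check_revision(archive, name, assume_signed=False):
    """Decide how to treat revision `name` fetched from `archive`.

    archive: dict of path -> bytes, fully controlled by whoever serves it.
    assume_signed: client-side expectation, stored outside the archive.
    """
    must_be_signed = assume_signed or MARKER in archive
    sig = archive.get(name + ".sig")  # hypothetical signature file name
    if sig is not None:
        # A signature that is present but wrong is never just a warning.
        ok = hmac.compare_digest(sig, sign(archive[name]))
        return Verdict.OK if ok else Verdict.FAIL
    return Verdict.FAIL if must_be_signed else Verdict.WARN


def demo():
    good = b"patch-1 contents"  # constructed sample data
    signed = {MARKER: b"", "patch-1": good, "patch-1.sig": sign(good)}
    # Content changed, stale signature left in place.
    tampered = {**signed, "patch-1": b"modified contents"}
    # Downgrade: marker and signature both deleted by the attacker.
    stripped = {"patch-1": b"modified contents"}
    return {
        "signed": check_revision(signed, "patch-1"),
        "tampered": check_revision(tampered, "patch-1"),
        "stripped, marker only": check_revision(stripped, "patch-1"),
        "stripped, local pin": check_revision(stripped, "patch-1", assume_signed=True),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict.value}")
```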