[8970] in cryptography@c2.net mail archive
Re: Crypographically Strong Software Distribution HOWTO
daemon@ATHENA.MIT.EDU (Ask Bjoern Hansen)
Tue Jul 3 22:45:26 2001
Date: Tue, 3 Jul 2001 19:34:38 -0700 (PDT)
From: Ask Bjoern Hansen <ask@valueclick.com>
To: ASF Members <members@apache.org>
Cc: Ben Laurie <ben@algroup.co.uk>, <cryptography@wasabisystems.com>
In-Reply-To: <3B426894.297FC21A@zolera.com>
Message-ID: <Pine.LNX.4.33.0107031931510.15633-100000@impatience.valueclick.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Tue, 3 Jul 2001, Rich Salz wrote:
> > So how does this work in practice?
>
> Who controls commit access? What mechanisms protect that? The same
> mechanisms that protect *the source* can be the same mechanisms that
> protect *the release.*
I believe we have a greater need for protecting the releases with
PGP than we have for protecting the source code. (For the releases
it's close to the only "line of defense"; the source code can more
easily be taken out of distribution and it's easier to verify).
- ask
--
ask bjoern hansen, http://ask.netcetera.dk/ !try; do();
more than 100M impressions per day, http://valueclick.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
