User: Password:
Subscribe / Log in / New account no longer centrally signs submissions no longer centrally signs submissions

Posted Nov 9, 2011 2:49 UTC (Wed) by giraffedata (subscriber, #1954)
In reply to: no longer centrally signs submissions by jimparis
Parent article: KS2011: report

Thanks; that's exactly what I was thinking. The great advantage of a digital signature is that it gives you a basis for trusting something regardless of how it got to you. If I found a kernel by the side of the road, I'd say, "Hell yes, I'll put that on my server. I can see that blessed this particular arrangement of bits at some point." But it would be ridiculous to say, "This looks OK. Somebody signed it."

The developer signature appears to serve an entirely different purpose from the automatic signature (I suppose it is what tells, which does know all the individuals, it's OK to take the code), but the article makes it sound like it is a replacement of -- and improvement on -- it.

(Log in to post comments)

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds