Automatic Script Updater
Sven Krohlas
sven at asbest-online.de
Thu Oct 8 16:21:32 CEST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Heya,
> Sorry, but "trustworthy" would never work in real life. Who wants to
> take responsibility?
the (very few) persons who have access to our key.
> Let's say that you trust me in general. In reality you would only
> trust me with certain things, e.g. fetching ice cream, programming UI
> code, whatever. But you would not trust me to do a medical checkup on
> you.
>
> Even if you did trust me with medicine, I could screw up. The same
> applies to 3rd party contributors, as an analogy.
We only have to trust them in one single point: that they don't
intend to distribute malware to Amarok users. Nothing else.
What I describe is basically a Public Key Infrastructure. I don't
see any other way to do this (except signing every update with
our key).
- --
Darkerradio Free Music Charts:
http://www.darkerradio.com/news/free-music-charts-september-2009/
Klarmachen zum Ändern! -> http://www.piratenpartei.de/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iEYEARECAAYFAkrN9WwACgkQOOggGLjBlhYsWQCcDD+lMeyF5dr/LZEMSjnGB1hK
NAoAoMtSzbGS33eEnO8gHPMLysUZZfgf
=/Znc
-----END PGP SIGNATURE-----
More information about the Amarok-devel
mailing list