[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: PROPOSAL: GPG Signing of Releases

From: John Peacock <jpeacock_at_rowman.com>
Date: 2004-04-12 19:33:06 CEST

Brian W. Fitzpatrick wrote:

>>1) Since the people presenting these arguments are comfortable with
>>GPG/PGP and the web of trust. They assume other users will be. I think
>>the whole web of trust thing is fundamentally confusing to end users in
>>general. If you don't believe me go look for all the FAQs about it.
>>It's not easy to explain, understand or use.
> I agree with this, and will reiterate my response: KeyMan.

This (is this what you were talking about?):


is a little sketchy on the actual sequence of daily usage.

How would a user wanting to check the signature of a release go about it? Is
KeyMan strictly a management tool on the developer-side to manage the individual
keys, or would everyone who uses Subversion and wishes to check the signature
need to download it as well.

I have no sheds to paint in this argument (actually I chose grey siding ;), so
please explain how this would appear on the website to the average user.



John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD  20706
301-459-3366 x.5010
fax 301-429-5748
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Apr 12 19:34:01 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.