[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] GNU Arch review - am I accurate?

From: Florian Weimer
Subject: Re: [Gnu-arch-users] GNU Arch review - am I accurate?
Date: Mon, 8 Mar 2004 13:00:30 +0100
User-agent: Mutt/

Charles Duffy wrote:

> On Wed, 2004-03-03 at 01:07, David A. Wheeler wrote:
> > There are some things I didn't see:
> > * Is anyone currently working on automated caching?
> Of course -- Arch has automated caching build in. See "revision
> libraries", archive mirrors and cacherevs. There've been some folks
> proposing caching other files as well, but such proposals typically add
> nothing revlibs don't do already.

None of this is fully automated.  Without any manual work, the archives
are optimized for access to historic versions, and not to current ones.
This is something which surprises most users.

> > * Has anyone thought about the "signing of signing" issue
> This is arguably a problem for the underlying crypto subsystem.

At least in part.

> See GnuPG's "web of trust" support.

You are missing the point.  Just because someone has a valid key (which
is part of my web of trust), he shouldn't automatically be allowed to
sign any software product I use.  Conversely, it shouldn't be necessary
to mark a key as "fully trusted", just to be able to access archives.

In short, use gpgv and a separate keyring.  Don't use the web of trust.

Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains:,,,,,,,,,,,,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]