[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Plash] Packaging system (was: Plash Wiki)
From: |
Thomas Leonard |
Subject: |
Re: [Plash] Packaging system (was: Plash Wiki) |
Date: |
Wed, 28 Mar 2007 21:48:13 +0100 |
On 3/10/07, Thomas Leonard <address@hidden> wrote:
On 3/8/07, Mark Seaborn <address@hidden> wrote:
[...]
> To clarify, I meant the sort of trust you're referring to here. When
> I launch gedit I want to be sure that I am getting a program that was
> signed by the public key I specified when I installed gedit,
I agree. The trust database should record which domains the key is
trusted for. Then the 'confirm trust' box can say "Note: you already
trust this key for software from XXX.org" when confirming a key for
YYY.org.
I've done a bit of work on this now. The new confirmation dialog looks
like this:
http://0install.net/screens/trust-domain.png
By default, the domain in which a key is trusted is currently the host
part of the feed URL. So, if you run ROX-Filer, Edit and 0compile then
you'll be asked to accept my key twice (for rox.sourceforge.net and
for 0install.net). On the second time, it will tell you that you
already trust it in the other domain.
If you want it more fine-grained, adjust "trust.domain_from_url()" to taste.
--
Dr Thomas Leonard http://rox.sourceforge.net
GPG: 9242 9807 C985 3C07 44A6 8B9A AE07 8280 59A5 3CC1