On 2020-01-31 12:37, Manuel Bouyer wrote:
On Fri, Jan 31, 2020 at 12:32:06PM +0100, Johnny Billquist wrote:Of course you can. But then you need to have a whole list of trusted public keys that needs to be managed, which again leads to the question of which keys are now the acceptable ones. And how to you trust new builders? Can anyone then be added to the list of official builders of packages, or how to you manage that side? Key management is not trivial.Of course it's not. But this is not really a technical issue.
Security is never a technical issue, more than at the surface...
Johnny
--
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt%softjar.se@localhost || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol