|
From: | Aaron Bentley |
Subject: | Re: [Gnu-arch-users] Re: Common merge request format |
Date: | Mon, 12 Apr 2004 16:41:03 -0400 |
User-agent: | Mozilla Thunderbird 0.5 (X11/20040309) |
Robin Green wrote:
In a coding context I think trust is gained through submitting lots of good code - not through having a key with a strong signature path between the submitter and the recipient.
What would happen if mail.gnu.org were compromised? It could insert false signatures, which you'd gradually grow to trust.* Then the cracker sends you a signed merge request with a trojan. What are you likely to do?
Aaron * but only you, not the actual sender would get the falsified version. -- Aaron Bentley Director of Technology Panometrics, Inc.
[Prev in Thread] | Current Thread | [Next in Thread] |