ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kev Jackson <>
Subject Re: pgp key for signing files
Date Tue, 06 Jun 2006 10:09:52 GMT
>> Well I'm currently in Vietnam, so I guess that no I'm not near  
>> enough to anyone (most here seem to be European folks, with 1 or 2  
>> USians)
> Makes for round the clock support. We've had a good australian  
> participation in the past, although Conor is the only person from  
> there currently active, I believe.

It's also great for open source that there are many people spread  
around as I believe different cultures bring different problem  
solving abilities to the table
> Its an interesting trust problem. You effectively already have some  
> credentials we implicitly trust (login rights to the cvs server &  
> minotaur, presumably including SSH private keys). Perhaps we can  
> bootstrap off that. It doesnt matter that you are who you say you  
> are, only that the entity who is committing stuff to the repository  
> is the same person who has the PGP key.

This is why ID cards prove nothing as the original application for  
said ID card can be completely fraudulent (think Day of the Jackal). is severely wrong with regard to this - one reason why I won't  
be coming back any time soon.

> I also have an employer issued x500 key, so I can demonstrate that  
> I am the person that hp thinks I am, or at least I have their  
> smartcard. We can use those to bootstrap trust too. After all, who  
> trusts a paper driving license without a photo on it (like my uk one)

I too have a loo-paper driving license - practically every other  
country treats it with utter contempt when you try to use it as ID!   
Here it wouldn't count for anything as it doesn't contain a fingerprint

ok, sorry going OT ....


"It is through disobedience that progress has been made, through  
disobedience and through rebellion" - Oscar Wilde

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message