Re: Time to resurrect multi-key signatures in RPM?

On Wed, 2008-08-27 at 21:42 +0000, Bojan Smojver wrote:
> Les Mikesell <lesmikesell <at> gmail.com> writes:
> 
> > But what if 
> > it is the src rpm that is compromised so the builds will be identical 
> > because they both contain the modification?
> 
> That is not exactly the compromise of the build system and/or Fedora key, now is
> it? If your own contributors are subverting the system by uploading borked
> source, the multi-key system isn't going to help (and I never claimed that).
> 
> For people that are not convinced of the usefulness of this (in principle), go
> to a bank and try to open an account. See if they'll be OK with you producing
> just one piece of ID.

Not to fan the flames, but last time they did just that :-). And I'm
pretty sure they'll do it again, possibly because the IDs in question
are very hard to fake.

Nils
-- 
Nils Philippsen      "Those who would give up Essential Liberty to purchase 
Red Hat               a little Temporary Safety, deserve neither Liberty
nils@xxxxxxxxxx       nor Safety."  --  Benjamin Franklin, 1759
PGP fingerprint:      C4A8 9474 5C4C ADE3 2B8F  656D 47D8 9B65 6951 3011

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
