On Thu, 2004-11-04 at 23:45 +0100, F�ciano Matias wrote:
> Le jeudi 04 novembre 2004 �5:37 -0500, Peter Jones a �it :
> > Also note that those which are signed are currently signed by hand, and
> > one thing people have been advocating is automatic signing. Automatic
> > signing, I'll obviously argue, is a total loss.
>
> What is a ssl server if it's not an automatic signing machine ?
> Total loss...
That's completely ignoring the contexts of package distribution and the
policies put in place by current package update tools. None of them
trust packages *just* because they are fetched over SSL, nor do they
reject packages which aren't.
--
Peter