-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 mop48836 wrote:
Pascal Bleser wrote: ... Thanks to your answers. So you point out the "web of trust", and that there is no technical approach to this. It's within the inherent structure of rpms, etc.
Yes.
I wish we can have the web of trust you mention, and that new users have clearly in mind what rpms can do.
http://en.wikipedia.org/wiki/Web_of_trust
http://www.rubin.ch/pgp/weboftrust.en.html
Go to Linux/OSS events, meet up with people, always have a fingerprint of your public key with you,
sign the keys of people who give you their fingerprints and show their ID.
That's how to build a web of trust. And ultimatively, trust people who have signed the keys of the
packagers who made the packages you're installing ;-)
cheers
- --
-o) Pascal Bleser http://linux01.gwdg.de/~pbleser/
/\\