-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 mop48836 wrote:
Pascal Bleser wrote: ... Thanks to your answers. So you point out the "web of trust", and that there is no technical approach to this. It's within the inherent structure of rpms, etc.
Yes.
I wish we can have the web of trust you mention, and that new users have clearly in mind what rpms can do.
http://en.wikipedia.org/wiki/Web_of_trust http://www.rubin.ch/pgp/weboftrust.en.html Go to Linux/OSS events, meet up with people, always have a fingerprint of your public key with you, sign the keys of people who give you their fingerprints and show their ID. That's how to build a web of trust. And ultimatively, trust people who have signed the keys of the packagers who made the packages you're installing ;-) cheers - -- -o) Pascal Bleser http://linux01.gwdg.de/~pbleser/ /\ <pascal.bleser@skynet.be> <guru@unixtech.be> __v FOSDEM 2006 -- 25+26 February 2006 in Brussels -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDb3Ypr3NMWliFcXcRAkP2AKCwsJnavR1lpk+eB29cTbXoLNJBJACfcfrO ZidEUDyVSpo+Ro4F0jA23yo= =b775 -----END PGP SIGNATURE-----