[tex-live] New installer GUI
Norbert Preining
preining at logic.at
Wed Nov 21 16:17:58 CET 2018
On Wed, 21 Nov 2018, Zdenek Wagner wrote:
> it does not have the same strength as web servers certificate. Thus
> you can receive a mail signed digitally by Humpty Dumpty, his public
> key will be signed by Mock Turtle, Cheshire Cat, and Mad Hatter, but
> how can you know who really sent the mail if the sender e-mail address
> is forged and you cannot match the key fingerprint to a person you
> know?
Web of trust. It is the old - very old - discussion between whom you
trust more: a central authority (hoh hoh, breaches of CA have been far
and wide) or a web of trust (this guy's key has been signed by a guy I
know!).
I prefer the later one, I prefer non-centralized single-point-of-failure
security. You say that "web server certificates are stronger", which I
strongly disagree.
Simple question: which software release is signed with a ssl certificate
instead of a pgp/gpg certificate? At least in the OSS world I don't know
of any.
Norbert
--
PREINING Norbert http://www.preining.info
Accelia Inc. + JAIST + TeX Live + Debian Developer
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
More information about the tex-live
mailing list