Karsten W Rohrbach's Profile

Recent activity

Karsten W Rohrbach replied on October 19, 2009 08:18 to the question "gpg key?" in Participatory Culture Foundation (Miro):

If you build your packages using the standard Debian process it even auto-signs your freshly created package set. You just have to enter the passphrase for the package signing key. It was designed specifically to be easy for the developers to sign their packages.

And, yes, package integrity is a big plus. You do not sign, so tampering on the distribution site will go unnoticed. Mass rollout of a modified program version willl go unnoticed. Miro is a software with full network access, so it would pose a strategic target if the installed base is big enough.

Please add package signing. It is worth the effort. Thank you.

Do you think this answers the question? Mark it as answered
Karsten W Rohrbach started following the question "gpg key?" in Participatory Culture Foundation (Miro).
Karsten W Rohrbach started following the problem "Unable to download Rainbow for Firebug" in BinaryAge.
Karsten W Rohrbach started following the problem "Del.icio.us extension not working with Firefox 3" in Mozilla.
Karsten W Rohrbach started following the problem "Twitkit incompatible with ffb5" in TwitKit.