
-----BEGIN PGP SIGNED MESSAGE----- On Sat, 30 Mar 1996, Bill Frantz wrote:
At 8:36 PM 3/28/96 +0100, JR@ns.cnb.uam.es wrote:
I may -or not- trust the people at unimi, but would I also trust a lot of intermediate people putting up together a CD-ROM? For that sake, and considering the costs of storage and removable storage media, I'd bet many people would find more useful to download their copies from the net (even once a year only) as I did.
If pieces of the source/executable are digitally signed, you have a basis for some degree of trust. (My pgp came with a detached signature. A bit self-referental, but at least a start.)
It depends where the person who signed the program is in the web of trust. I rarely find that the cooresponding public key for a digital signature is signed by someone that I trust and that I know that that public key belongs to whom it says it belongs. Without trust, a digital signature is completely worthless. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm@voicenet.com | finger -l for PGP key 0xf9b22ba5 http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5 "The concept of normalcy is just a conspiracy of the majority" -me -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMV3zobZc+sv5siulAQHHgAQAqBcay46jx0/ez+Cz1vsjZjpWacurf3II Oj3u29DrmuTTMk3su51Dc8oQfqF39xS6k1b5EZY/0wqC8fGumItasmwVYZFcILGl dVO/DyAbuvmud4CamwGtTvmDDL+7Y8mojnLFHyGL7ht1JUasz0oM6EaxJyRIksjx tSwsRj54D8w= =MxYS -----END PGP SIGNATURE-----