This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: unofficial packages

Robert Collins wrote:

----- Original Message -----
From: "Charles Wilson" <>
To: "Robert Collins" <>
Sent: Thursday, July 11, 2002 10:17 AM
Subject: Re: unofficial packages

Robert Collins wrote:

Yes, this requires documenting who maintains packges, but it doesn't

have to

be easily available to end users (i.e. the user interface doesn't have


expose it). *setup* would have to know who maintains what, as far as
official packages go. Now, this can't be compiled-into the executable;
it has to be distributed from the mirrors. Are you thinking encryption?
'cause that's pointless -- the decryption key has to be bound into
setup.exe; thus, available from setup's sources.

No, I'm think it's part of the setup.bz2 file.
IIRC, /encryption/ requires to know the _recipient's_ public key. OTOH, /signing/ the info with a known key requires only to know the _sender's_ public key.

Give every official maintainer an address, and those addresses
point straight into for maintainers that object to private

And this would make the info in the keyring suitable for public consumption - nothing sensitive in that.
The only 'gotcha' is, if I have a "" address - as I already have one at "" it would probably just relay mail to my normal inbox. Anybody ill-willed who gets it can be just as much a PITA as if he knew my "real" address.

David A. Cobb, Software Engineer, Public Access Advocate
"By God's Grace I am a Christian man, by my actions a great sinner." -- The Way of a Pilgrim; R. M. French, tr.
Life is too short to tolerate crappy software.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]