From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev-return-9384-arch-gentoo-dev=gentoo.org@lists.gentoo.org>
Received: (qmail 19354 invoked from network); 8 Jan 2004 07:13:38 +0000
Received: from smtp.gentoo.org (128.193.0.39)
  by eagle.gentoo.oregonstate.edu with DES-CBC3-SHA encrypted SMTP; 8 Jan 2004 07:13:38 +0000
Received: from lists.gentoo.org ([128.193.0.34] helo=eagle.gentoo.org)
	by smtp.gentoo.org with esmtp (Exim 4.24)
	id 1AeUML-0007pZ-VH
	for arch-gentoo-dev@lists.gentoo.org; Thu, 08 Jan 2004 07:13:37 +0000
Received: (qmail 1747 invoked by uid 50004); 8 Jan 2004 07:12:47 +0000
Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:gentoo-dev@gentoo.org>
List-Help: <mailto:gentoo-dev-help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev-unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-dev-subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@gentoo.org
Received: (qmail 7126 invoked from network); 8 Jan 2004 07:12:46 +0000
Date: Thu, 8 Jan 2004 08:12:47 +0100
From: John Nilsson <john@milsson.nu>
To: Ciaran McCreesh <ciaranm@gentoo.org>
Cc: gentoo-dev@lists.gentoo.org
Message-ID: <20040108071247.GA21193@newkid>
References: <200401052305.45317.robert.cole@support4linux.com> <200401060831.21756.robert.cole@support4linux.com> <1073416672.8062.29.camel@localhost> <200401061143.33541.robert.cole@support4linux.com> <20040106200721.1dcf6cf3@snowdrop.home>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="PEIAKu/WMn1b1Hv9"
Content-Disposition: inline
In-Reply-To: <20040106200721.1dcf6cf3@snowdrop.home>; from ciaranm@gentoo.org on Tue, Jan 06, 2004 at 21:07:21 +0100
X-Mailer: Balsa 2.0.14
Subject: Re: [gentoo-dev] creating ebuilds
X-Archives-Salt: 662371d0-08f0-4a93-9220-e73e3f537d76
X-Archives-Hash: 04b4d4664ef2f7c05fd0c4db98daf4ad

--PEIAKu/WMn1b1Hv9
Content-Type: text/plain; Format=Flowed; DelSp=Yes; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

> Uh, how silly. Either you trust someone with the whole tree or you don't
> trust them at all.

Why not build something around a "web of trust" with pgp signatures? Have a=
n =20
open tree where people could submit anything that passed autotests. All =20
submisions would be signed. Signed content could only get updated buy user =
=20
with same signature or dev with higher trust for that area.

The choice of trust-level is then up to the sys-admin.

This idea is a bit rough, but I think it could be intresting to build on.

/John
--PEIAKu/WMn1b1Hv9
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQA//QLv0GAlrvwEkG4RAhUOAJ9AAAVvfYaP2MHL/2KU6vc6VwMDPACfcdwz
H71OfWBlM/P+/zSYl+f+bF4=
=R1Ed
-----END PGP SIGNATURE-----

--PEIAKu/WMn1b1Hv9--