From octave-maintainers-request at bevo dot che dot wisc dot edu Thu Apr 1 12:53:32 2004 Subject: Re: digital signatures From: Przemek Klosowski To: slipa at eos dot ncsu dot edu, octave-maintainers@bevo.che.wisc.edu Date: Thu, 1 Apr 2004 13:51:58 -0500 (EST) Steve, I am not denying that digital signatures are good; I am just saying that there's not enough infrastructure in the world at large to use them exclusively. Doing only gpg sigs will leave out everyone who doesn't have the setup; I am arguing to do both! You definitely gloss over the problem of not having the gpg/pgp infrastructure on the client end. It's one thing to have John do 'gpg --sign', but you then have to tell everyone to - get gpg if they don't already have it - find and import John's public key - check the signatures. In fact, it'd be easier to do that by packaging octave in RPM packages, because it's easier to explain (get John's key, rpm -Uvh). RPM, for all its warts, actually covers quite a range of systems. I wonder if there's a windows port?