Re: [Savannah-hackers] savannah update

[Loic Dachary]

Paul Fisher writes:
 > We're going to have to help people learn to use GPG to insure that
 > their software isn't trojaned in the future.  Having signed releases
 > is the only way to do that.

        I agree. The only part I have doubts about is to make that a
requirement. A new hosting facility could start with this requirement.
Imposing this requirement to all existing Savannah projects is
going to be a major drawback for the vast majority of software
developpers.

 > That's a decision that's not mine to make.  At the very least, we will
 > provide a secure means for projects to upload files that are GPG
 > signed.  If projects don't want to use it, we can provide another
 > means for uploading files as well.

        The decision is indeed not ours. Only projects leaders can
decide how their own files are secured. Savannah can only legitimately
step in for two reasons : Free Software philosophy and machines
compromission. The rest is a matter of services proposed and not
imposed. As a project leader I would be shocked if the hosting
facility I rely on *changes* its policy to teach me a lesson I'm
forced to hear.

        Cheers,

-- 
Donate to FSF France online : http://rate.affero.net/fsffrance/
Loic Dachary, 12 bd Magenta, 75010 Paris. Tel: 33 1 42 45 07 97      
http://www.fsffrance.org/   http://www.dachary.org/loic/gpg.txt