[Mageia-dev] Mageia 3 feature proposals review

Johnny A. Solbu cooker at solbu.net
Thu Jun 28 03:46:01 CEST 2012

On Wednesday 27 June 2012 20:37, AL13N wrote:
> if RH and Canonical both had worked together with some independant entity 
> (like cacert.org ) it could've been handled alot better.

RedHat explored that idea and turned it down, because no one was viling to do it, and doing it them selves was hugely expensive.

"An alternative was producing some sort of overall Linux key. It turns out that this is also difficult, since it would mean finding an entity who was willing to take responsibility for managing signing or key distribution. That means having the ability to keep the root key absolutely secure and perform adequate validation of people asking for signing. That's expensive. Like millions of dollars expensive. It would also take a lot of time to set up, and that's not really time we had. And, finally, nobody was jumping at the opportunity to volunteer. So no generic Linux key."

Johnny A. Solbu
PGP key ID: 0xFA687324
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/mageia-dev/attachments/20120628/ab7eeca3/attachment.asc>

More information about the Mageia-dev mailing list