Time for Open-Source to Grow Up

Time for Open-Source to Grow Up
Jon Lasser, 2002-08-07

The OpenSSH backdoor demonstrates that the community must get pragmatic about package verification, and fast.

PGP is still the answer 2002-08-10
Sloppy

Whatever you come up with, could just be a degenerate subset of PGP. A web-of-trust system can emulate a hierarchical system; just have the tool come with the distributor's PGP key the same way that, for example, web browsers come with some trusted SSL certs.

No need to invent any new standards,...

[ more ]