Time for Open-Source to Grow Up

Time for Open-Source to Grow Up
Jon Lasser, 2002-08-07

The OpenSSH backdoor demonstrates that the community must get pragmatic about package verification, and fast.

Stick to PGP 2002-08-14
Anonymous

PGP is easy to check. So are MD5. Any verification is easier than fixing a disaster later. I personally prefer a PGP sig, with the key at some well known location. Anyone who is using the key on the provider site is probably the same person who would reset their root password when the "OS vendor...

[ more ]