Re: [dev] dmenu-4.4

From: Nick <suckless-dev_AT_njw.me.uk>
Date: Wed, 20 Jul 2011 11:06:37 +0100

On Wed, Jul 20, 2011 at 10:58:32AM +0100, Kai Hendry wrote:
> On 20 July 2011 10:54, Nick <suckless-dev_AT_njw.me.uk> wrote:
> >  wget http://dl.suckless.org/tools/dmenu-4.4.tar.gz.sig
> >  gpg --verify dmenu-0.4.tar.gz.sig
> > is not that tricky.
>
> You've skipped over the part of how you exchange the public key, no?

That is true, yes, good point.

But just downloading the key from a keyserver, even if it isn't
trusted by your web of trust, is better than e.g. just
distributing a hash, and as mentioned trusting CAs (HTTPS) is
pretty problematic.

> If it's not that tricky why doesn't Arch for example build it in to their tools?

I know very little of Arch's processes, so I can't say.

> And btw gpg sucks big time. :)

Alas yes, but it does work well.
Received on Wed Jul 20 2011 - 12:06:37 CEST

This archive was generated by hypermail 2.2.0 : Wed Jul 20 2011 - 12:12:03 CEST