incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Shahaf <danie...@apache.org>
Subject Re: [VOTE] Apache OpenOffice Community Graduation Vote
Date Mon, 27 Aug 2012 15:25:36 GMT
Jim Jagielski wrote on Mon, Aug 27, 2012 at 10:38:15 -0400:
> After this, please drop general@
> 
> On Aug 27, 2012, at 10:16 AM, Rob Weir <robweir@apache.org> wrote:
> 
> >> 
> >> A signature does 2 things:
> >> 
> >>  1. Ensures that no bits have been changed
> >>  2. That the bits come from a known (and trusted) entity.
> >> 
> > 
> > Almost.  It doesn't guarantee trust.
> 
> Sure it does. If something is signed by Bill or Ross, etc I
> trust that it came from them. Anything else is tangential to
> what a signature provides.

A signature ties a file to a public key, and then "trusted?" is an
attribute of the public key.  Signatures do not provide trust by
themselves (i.e., without some means to establish trust in the public
keys).

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message