incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Shahaf <danie...@apache.org>
Subject Re: [VOTE] Apache OpenOffice Community Graduation Vote
Date Mon, 27 Aug 2012 15:25:36 GMT
Jim Jagielski wrote on Mon, Aug 27, 2012 at 10:38:15 -0400:
> After this, please drop general@
> 
> On Aug 27, 2012, at 10:16 AM, Rob Weir <robweir@apache.org> wrote:
> 
> >> 
> >> A signature does 2 things:
> >> 
> >>  1. Ensures that no bits have been changed
> >>  2. That the bits come from a known (and trusted) entity.
> >> 
> > 
> > Almost.  It doesn't guarantee trust.
> 
> Sure it does. If something is signed by Bill or Ross, etc I
> trust that it came from them. Anything else is tangential to
> what a signature provides.

A signature ties a file to a public key, and then "trusted?" is an
attribute of the public key.  Signatures do not provide trust by
themselves (i.e., without some means to establish trust in the public
keys).

Mime
View raw message