[Catalog-sig] User profile: PGP Key ID
Daniel Holth
dholth at gmail.com
Wed Feb 20 21:50:16 CET 2013
Bikeshed detected.
RSA primitives exist in pure python just fine too FYI.
In TUF (theupdateframework) key revocation is handled entirely inside the
framework. No trust comes from outside the system and something like an
OCSP server is not needed. Consider that keys can be revoked per-project
for example when a developer leaves one project and joins another. (This
has nothing to do with the signature algorithm.)
On Wed, Feb 20, 2013 at 3:25 PM, Jeremy Stanley <fungi at yuggoth.org> wrote:
> On 2013-02-20 21:12:18 +0100 (+0100), M.-A. Lemburg wrote:
> [...]
> > At that point, the SSL infrastructure becomes just as difficult to
> > deal with as GPG/PGP, so there isn't much to win both ways, IMO.
> > You just have to deal with it...
>
> And OpenPGP/GnuPG has the benefit that most prominent free software
> developers use it and have done so for many years, have their keys
> published in well-known keyservers, established web of trust, et
> cetera. S/MIME, while interesting, lacks significant penetration
> into the free software developer community and is mostly the domain
> of enterprises and commercial interests.
> --
> { PGP( 48F9961143495829 ); FINGER( fungi at cthulhu.yuggoth.org );
> WWW( http://fungi.yuggoth.org/ ); IRC( fungi at irc.yuggoth.org#ccl );
> WHOIS( STANL3-ARIN ); MUD( kinrui at katarsis.mudpy.org:6669 ); }
> _______________________________________________
> Catalog-SIG mailing list
> Catalog-SIG at python.org
> http://mail.python.org/mailman/listinfo/catalog-sig
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20130220/2deda29d/attachment.html>
More information about the Catalog-SIG
mailing list