[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Contribute to pf(4)

On Tue, Jul 16, 2002 at 07:14:27AM -0500, Joseph W. Shaw II wrote:

> Ultimately, you have to be able to trust whoever supplies these packages
> and how does one build that trust?

By doing it. You build the packages, you put them on your server, you
sign them with your key, which contains your real name. Some people will
not trust you, others will fetch your binaries because it's easier than
building them. With time, people will trust your name. It helps if you
use your real identity and have at least some professional reputation to
lose. How else could this possibly work? Theo flies over to you,
verifies your passport, then uses advanced interrogation techniques
(like, beer) to find out whether you've built a fake identity in the
last 20 years and secretly work for the NSA?

Or the project might fail, nobody downloads your binaries. Point is,
you'll never know in advance, there's no guarantee for success. Try it
and see.