Det här kom till samordningslistan, men det gäller nog lika mycket er andra. Hur många har PGP-nycklar redan? Jag har det inte.
attached mail follows:
------ List: GNU Coordinators List Sender: François Pinard <pinard@icule.progiciels-bpi.ca> Subject: Delays, and security Date: Tue, 4 Jun 1996 22:15:11 -0400 ------ Hi, everybody. First, I want to apologise for some delays in uploading of PO files to archives. A few have irregular header entries, and I find it quite tedious to check these all, and further, I also make mistakes. So, as an attempt to at least detect irregularities, I want to somewhat automate a little further checking and cross-validation before uploading. But I did not find the time to do it yet. Soon, hopefully. Nothing is lost. Second, discussing security with a few people around, it occurred to me that if someone would like to play tricks at GNU, it would be fairly easy to send forgeries of translation files (PO files), soon before an official release of a GNU package, as most of us are unable to even have an opinion at the quality or contents of translations (because the languages are foreign to one another), and proper teams might not always immediately check the contents of uploaded files. Seeking solutions, I installed PGP (Pretty Good Privacy) for myself and began to study it, while discussing such methods with other GNU people. I'm not really interested in the crypting facilities of PGP, as we have nothing to hide. I'm only interested in the signing facilities, able to prove that files come indeed from whoever sent them. I fear a little what the incoming explosion of Internet will bring us, on ethical standpoint. Many of you might know how easily one may achieve message forgery... So, if you feel like it, an experimental basis, you team coordinators are all invited to let me know your public key if you ever make one, and to PGP-sign messages conveying any information such that authentification of the sender might be adequate. Maybe I'm babbling non-sense and you do not even know what I'm speaking about. On the other hand, let me dream a little and presume that most of you are attracted to the said idea: then later, one of these days, all submitted PO files might require proper authentification, would it be by the translators themselves, or if only a few were unable to do so, then by their team coordinator in their name. Signatures of new team members, who may directly submit translations, might then have to be certified at least once by the appropriate team leaders. -- François Pinard ``Vivement GNU!'' pinard@iro.umontreal.ca Support Programming Freedom, join our League! Ask lpf@lpf.org for info!
Arkiv genererat av hypermail 2.1.1.