ANNOUNCE: Review requests

Matthew Miller mattdm at
Sat Mar 19 03:10:57 UTC 2005

On Sat, Mar 19, 2005 at 12:35:43AM +0100, Enrico Scholz wrote:
> 2. use different logindata. This will be much data which nobody can
>    recall after some time. So, you have to use keymanagers or go through
>    a remember-password procedure on every login. I do not trust complex
>    systems like webbrowsers and think that this should be used for less
>    sensitive passwords only.
> So I think, that GPG based authentication is much more secure than the
> HTTP authentication.

You chose to snip a paragraph from my earlier message which I think is quite
relevant here, so I'm gonna repeat it:

  I'm not opposed to some sort of GPG signature-based process, but it needs
  to be integrated enough with the tools people will be using (webbrowsers,
  most likely) to make it not a burden.

We need a system that is workable for developers to use. It needs to be
secure, but it also needs to *aid* the process, not interfere with it.

Matthew Miller           mattdm at        <>
Boston University Linux      ------>                <>

More information about the fedora-extras-list mailing list