On Sat, Sep 6, 2008 at 1:38 AM, jdow <jdow@xxxxxxxxxxxxx> wrote: > From: "Anders Karlsson" <anders@xxxxxxxxxxxxxx> > Sent: Friday, 2008, September 05 13:12 Some 50000 posts later ..... Where are the other critical open source players in all this? Moving forward... At this point a critical missing component is the framework to re-key/ sign the top of a distribution tree/mesh. All vendors might face this same problem and so all vendors have skin in this game. It seems that a collection of face to face credential exchanges and FedX packages containing CDROMs with the public half of key pairs to and from the likes of RH, Fedora, Sun, Cray, Cisco, Dell, Debian, Ubuntu, Scientific Linux, Cern, CentOS, and some.edu sites on multiple continents could go a long way to establish a foundation for a web of trust. Each site can then use their 'top' level keys to sign a set of critical site and individual keys then place the master key in an off line vault. Once the foundation is in place ... more can be done (designed). -- NiftyFedora T o m M i t c h e l l -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines