[WineHQ] service.cgi fixes
Dimitrie O. Paun
dpaun at rogers.com
Tue Jun 15 12:44:07 CDT 2004
On Tue, Jun 15, 2004 at 05:14:46PM +0100, Paul Millar wrote:
> With network security, any activity implies at least some trust. The script
> wasn't brilliant, but pushing the functionality into winrash doesn't really
> solve the problem: we'd still need to verify the binaries somehow, or just
> trust that the binaries are OK.
Yes, we need to verify them, but not before we verify the script. Otherwise,
it's much easier to feed us a hacked script...
> But, in the mean time, I'll continue generating the sig files (as it happens
> automatically) so future gpg verification-code has something to test against.
Sure, that can't hurt, maybe one day we'll use it.
More information about the wine-devel