@TrevorBramble for signing gems see http://bit.ly/Vob3hV … hoe will sign for you once you've generated the key and cert, as will RubyGems 2
-
-
Replying to @drbrain
@drbrain@TrevorBramble how do people know to trust the cert?3 replies 0 retweets 0 likes -
Replying to @tenderlove
@tenderlove@drbrain@TrevorBramble it's the same problem with PGP. How do you know the cert really belongs to the developer?2 replies 0 retweets 0 likes -
Replying to @postmodern_mod3
@postmodern_mod3@drbrain@TrevorBramble ah, so self-signed x509 is just as trustworthy as PGP? Makes sense.2 replies 0 retweets 0 likes -
Replying to @tenderlove
@tenderlove@drbrain@TrevorBramble you need face-to-face verification when signing certs/keys.1 reply 0 retweets 0 likes -
Replying to @postmodern_mod3
@postmodern_mod3@drbrain@TrevorBramble Yes. I heard that PGP’s web of trust concept doesn’t actually work.3 replies 0 retweets 0 likes -
Replying to @tenderlove
@tenderlove@drbrain@TrevorBramble please stop trolling. You must carefully verify other peoples identity/keys before signing them.2 replies 0 retweets 0 likes -
Replying to @postmodern_mod3
@postmodern_mod3@tenderlove@TrevorBramble who ensures every signed key's owner's identify was carefully verified?2 replies 0 retweets 0 likes -
Replying to @drbrain
@drbrain@postmodern_mod3@tenderlove@TrevorBramble thinking of a site where you login with Github or Twitter, post URLs to your blog etc1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@postmodern_mod3@tenderlove@TrevorBramble "this code came from that repository and those authors" would be enough for me1 reply 0 retweets 0 likes
@drbrain @postmodern_mod3 @tenderlove @TrevorBramble if http://RubyGems.org wants to run a CA I think that'd be great ;)
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.