@bascule and, without the central place, just doing file hash comparison is a good enough source of truth
@raggi yeah. I'm still interested in making a CA ;)
@bascule IMO, the biggest failure we had, in the part that took the most effort, was that we had no source of truth for the s3 data
@raggi if you had a trust root you'd have a source of truth
@bascule right :) as long as it didn't live on http://rubygems.org
@bascule … unless there's an easy to validate trust model
@bascule i'm not saying there aren't other good reasons to sign gems, but for this kind of recovery, it won't help much…
@bascule right, the problem is, practically, getting all the certs to verify is problematic without the central place
@bascule I'd like to be a part of that. If it crops up.