[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RFC libquran: Data packaging



On Fri, Jul 27, 2007 at 02:50:17PM -0700, Ahmed Ghoneim wrote:
> On 7/27/07, Mohammad DAMT <mdamt at gnome dot org> wrote:
> > I'm afraid of a situation where somebody provides a badly tampered quran text.
> > Unfortunately we can't do anything about it, even if we use something
> > like pgp signed text.
> 
> What if the *binary* distribution from arabeyes was signed, and wont
> allow anything but the signed text.
> which brings me to, is there an arabeyes key?

The text can be signed but then, a patch can't make it to the data files because the signature won't validate.

And the source is there so anyone can still modify the source, change the key ID and get away with it.

-- 
GPG-Key: 0xA3FD0DF7 - 9F73 032E EAC9 F7AD 951F  280E CB66 8E29 A3FD 0DF7
Debian User and Developer.
Homepage: www.foolab.org

Attachment: signature.asc
Description: Digital signature