On Fri, Jul 27, 2007 at 02:50:17PM -0700, Ahmed Ghoneim wrote: > On 7/27/07, Mohammad DAMT <mdamt at gnome dot org> wrote: > > I'm afraid of a situation where somebody provides a badly tampered quran text. > > Unfortunately we can't do anything about it, even if we use something > > like pgp signed text. > > What if the *binary* distribution from arabeyes was signed, and wont > allow anything but the signed text. > which brings me to, is there an arabeyes key? The text can be signed but then, a patch can't make it to the data files because the signature won't validate. And the source is there so anyone can still modify the source, change the key ID and get away with it. -- GPG-Key: 0xA3FD0DF7 - 9F73 032E EAC9 F7AD 951F 280E CB66 8E29 A3FD 0DF7 Debian User and Developer. Homepage: www.foolab.org
Attachment:
signature.asc
Description: Digital signature