Managing Code Signing Digital IDs for Open Source? 103
Saqib Ali asks: "What are the best practices for managing Code Signing Digital IDs for Open Source projects, where the developers are dispersed throughout the globe? For our project there is NO central office, where we can secure the private key for the Code Signing Digital ID. Who should have the possession of the private key? Multiple people, or just the project manager? What Key Escrow (recovery) techniques can be used, in case the private key holder is not available? Who should be allowed to digitally sign the build? Currently one person handles the signing responsibility, but I think that is surely a single point of failure. Any thoughts/ideas?"
Why ask? (Score:5, Funny)
I know who you can trust. (Score:4, Funny)
They invented code signing after all....
Good use for AI (Score:3, Funny)
I've almost finished programming it with some neat defense technology, to deal with hackers that try to break into it, or child pedos that think it's a seven year old boy and want to play.
Now, I'm going to give it some ability to review the source code for our missile-launching satellites and robotic defense schematics.
BTW you'll find this funny: it's already smart enough to complain about the name I gave it. Although personally, I think SkyNet is a great name.
You know what they say (Score:4, Funny)