-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 07 Jan 2002 16:39, Rich Kilmer wrote:
> I did not say anything about a remote keyserver.  I said to have a Gem(Jar)
> cryptographically signed through the process of generating a public/private
> key pair (as a library developer) and then generating a SHA hash of the Gem
> and encrypting the SHA with the private key.  You then upload the Gem with
> the SHA/public key as a bundle to validate that it was in fact not changed
> and from the public keys owner.  Now, the method by which I download the
> public keys of developers I "trust" is definately an issue but there are
> emerging systems that are being developed to [help] solve this problem in a
> distributed (rather than centralized) fashion that fall under the name
> "reputation networks".

I believe this is how Loki (http://www.lokigames.com - games for the penguin) 
release any patches to their released games.

- -- 
Signed,
Holden Glova
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8OUMd+mF116Lw2cQRAhGLAJ93zy53BFJ+O3y7vF0098VoVSP7NwCfQKZN
8glE/KH/HhLR1zMdK/h7y+o=
=yyIL
-----END PGP SIGNATURE-----