caff vs cabot
Laurent Fousse
laurent at komite.net
Wed May 25 19:41:29 CEST 2005
Hi Joost,
* Joost van Baal [Wed, May 25, 2005 at 09:38:17AM +0200]:
> Peter wrote about caff:
>
> we achieve the same level of security as common Challenge
> Response systems like CABot, without all the extra hassle of those
> systems.
>
> I can think of just one benefit of cabot: it is shipped with Debian.
> Any more thoughts?
Same security, different goals. The user of caff has no idea of the
validity of each uid, it's up to the signed key recipient to make the
signature available for others. So cabot is for key signers who care
(more?) about the validity of every single uid (they get
challenge-response, they are in full control).
Here I'm just saying caff does not render cabot useless. But as a user
I must say I would rather use caff than cabot now (if it was
packaged). And as the package maintainer, I don't always see the fact
it is shipped with debian as a benefit : it brings bugreports I don't
feel that much like fixing with my upstream developer hat on because
the code is... not that pretty (and I'm more or less converted from
perl to python nowadays).
Especially when I see negative comments on planet debian (can't put my
hand on the link again). In short: motivation is gone.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.noreply.org/pipermail/cabot-devel/attachments/20050525/f1055ae5/attachment.pgp
More information about the Cabot-devel
mailing list