Hacker News
by kgo 4853 days ago
Basically because a proper X.509 implementation requires a CA to be in place first, so you have a place to submit a CSR, but there is no CA, so you're forced to self-sign. I've written a rant on the topic here:

http://www.rubygems-openpgp-ca.org/blog/gem-signing-x509-and...

I've been trying to get people to sign with OpenPGP because that can be done first and then you can put an authentication system into place after the fact. You can't do this with X.509; if/when a CA comes into play, all gems would need to be re-signed and republished.