On Mon, Apr 8, 2013 at 10:10 AM, John Meinel <john at arbash-meinel.com> wrote: > We could trust a specific CA or web or whatever, but why not just have a key > that is needed to release the tools? +1; TLS won't even work when the public tools are synced up elsewhere. gustavo @ http://niemeyer.net