On Tue, Jan 06, 2004 at 09:09:47PM +0000, James Green wrote:
[ Yes, really bad idea. Microsoft should indeed be shot for allowing it. ]
TBH I don't see how this is MS's fault. (Wow, I am defending the evil!!)
software needs to be highly secure.
Six 'trusted' employees, six 'secure' servers. Employees are minor shareholders in the company. For an upgrade to be pushed out, a majority of
PGP keys all round I suspect.
OK, right, the software needs to be secure, that means it must come through one point, unless those trusted employees are security aware they are useless. Are they able to read code? Have they had a hand in the development? PGP signing (well, GPG) seems mandatory. Updates should come from the head of the IT dept, or whoever is given large amounts of dosh to put their head on the line.
It seems you are being a bit too specific to me without giving enough detail, now I am currently looking for work, if you want to pay me some amount of dosh I would be prepared to do a proper risk assessment ;) but to be brutally honest right now it sounds as though you need someone who knows what you want advising you.
Adam