> attached (valid) GPG/PGP signatures (from a valid developer?)"

-- a valid GPG signature present on public servers, not necessarily from a
   valid DD, seems to be a valid scheme. I haven't seen any spam GPG signed yet

-- another idea would be to use the same authentication as used by most of
   the mailing list servers -- verification of intent: a confirmation email
   is sent to the originating email address, and a reply to it keeping the
   subject with a key code intact would verify that it was a valid request.
   Otherwise the original request expires in a day or two if it doesn't get
   confirmed. Then anyone who wants to automate this process writes a 2-liner
   procmail rule ;-)

My 2 kopeyki (i.e. cents)

-- 
                                  .-.
=------------------------------   /v\  ----------------------------=
Keep in touch                    // \\     (yoh@|www.)onerussian.com
Yaroslav Halchenko              /(   )\               ICQ#: 60653192
                   Linux User    ^^-^^    [175555]
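
The confirmation scheme described in the message above, sketched as an added example (not code from the post or from any mailing list server). The class name PendingRequests, the "confirm <code>" subject format and the two-day lifetime are assumptions chosen for illustration.

```python
import re
import secrets
import time
from email.utils import parseaddr

TTL_SECONDS = 2 * 24 * 3600      # assumed lifetime: "expires in a day or two"
# Hypothetical subject format; search() tolerates "Re: " prefixes on replies.
CODE_RE = re.compile(r"\bconfirm ([0-9a-f]{32})\b", re.IGNORECASE)


def _addr(header_value):
    """Reduce 'Name <user@host>' to a lower-cased bare address."""
    return parseaddr(header_value)[1].lower()


class PendingRequests:
    """Holds requests until the originating address confirms them."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}       # code -> (address, request, expiry time)

    def submit(self, sender, request):
        """Store the request; return the Subject of the confirmation mail."""
        code = secrets.token_hex(16)   # 128 random bits, sent only to sender
        expiry = self._clock() + TTL_SECONDS
        self._pending[code] = (_addr(sender), request, expiry)
        return f"confirm {code}"

    def confirm(self, reply_from, reply_subject):
        """Return the confirmed request, or None if the reply is not valid."""
        now = self._clock()
        # Drop unconfirmed requests whose lifetime has passed.
        self._pending = {c: e for c, e in self._pending.items() if e[2] > now}
        match = CODE_RE.search(reply_subject)
        if not match:
            return None
        code = match.group(1).lower()
        entry = self._pending.get(code)
        if entry is None or entry[0] != _addr(reply_from):
            return None          # unknown code, or not the original sender
        del self._pending[code]  # single use: a replayed reply is rejected
        return entry[1]
```

The From header of the reply can be forged, so the protection comes from the code being mailed only to the originating address; the address comparison just keeps a leaked code from being used under another name.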