> attached (valid) GPG/PGP signatures (from a valid developer?)"
-- valid GPG signature present on public servers, not necessarily from a
valid DD seems to be a valid scheme. I haven't seen any spam GPG signed
yet
-- another idea would be to use the same authentication as used by most
of the mailing list servers -- verification of intent: confirmation
email sent to the originating email address and reply to it keeping
subject with a key code intact would verify that it was a valid request.
Otherwise original request expires in a day or two if it doesn't get
confirmed.
Then anyone who wants automate this process writes a 2 liner procmail
rule ;-)
My 2 kopeyki (ie cents)
--
.-.
=------------------------------ /v\ ----------------------------=
Keep in touch // \\ (yoh@|www.)onerussian.com
Yaroslav Halchenko /( )\ ICQ#: 60653192
Linux User ^^-^^ [175555]
Attachment:
pgphsmycCrp8n.pgp
Description: PGP signature