Re: Authentication with LP for DD's using gnupg
On Fri, Aug 01, 2008 at 08:32:52AM -0700, Steve Langasek wrote:
> On Fri, Aug 01, 2008 at 12:07:34PM +0200, Martin Zobel-Helas wrote:
> > rsync keyring.debian.org::keyrings/keyrings/debian-keyring.gpg
> > can be synced publicly
> Well, what trust path does that give us if LP uses rsync to copy the data?
> It would seem possible for someone to steal a DD's LP account then by
> MITM'ing this rsync.
There's an md5sums.txt file included in the rsync (keyrings/md5sums.txt)
that will either be signed by me (5B430367) or James Troup (AB2A91F5).
101 things you can't have too much of : 11 - Coffee.
This .sig brought to you by the letter J and the number 47
Product of the Republic of HuggieTag