Re: OT: More about GPG signing

To: debian-user@lists.debian.org
Subject: Re: OT: More about GPG signing
From: Phil Dobbin <bukowskiscat@gmail.com>
Date: Sun, 13 May 2012 15:41:52 +0100
Message-id: <[🔎] 4FAFC830.9010606@gmail.com>
Reply-to: bukowskiscat@gmail.com
In-reply-to: <[🔎] 20120513140517.GB32262@debian>
References: <[🔎] 4FABC0C2.60301@gmail.com> <[🔎] 4FABD06D.6040902@gmail.com> <[🔎] 4FABDB44.9020500@vanderhoff.org> <[🔎] 20120511122334.GB27884@aurora.owens.net> <[🔎] 4FAD2FA6.2020704@vanderhoff.org> <[🔎] 20120511174840.3663578f@bonifac.skk> <[🔎] 4FAD431A.7040803@gmail.com> <[🔎] 20120513113105.GC10116@sid.nuvreauspam> <[🔎] 4FAFBEDA.9020205@gmail.com> <[🔎] 20120513140517.GB32262@debian>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 13/05/12 15:05, Jon Dowland wrote:

> On Sun, May 13, 2012 at 03:02:02PM +0100, Phil Dobbin wrote:
>> If that was the strategy everybody adopted with PGP, there'd be
>> very few, if any, keys signed, ever.
> 
> This *is* the strategy that most people use for PGP.
> 
>> Thanks for the advice but I think I'll pass.
> 
> You are entitled to maintain whatever local policy for signing you
> want: but, it weakens your position in a web of trust if your
> signatures are 'weaker' than other peoples. It means any trust path
> that flows through a signature of yours is suspect.
> 
> GPG lets you choose a 'trust level' for keys. I'd suggest at least
> using a low-level value for keys you haven't validated.

In the case in question I used "I will not answer" & "I don't know" as
I do with virtually all the very few keys I sign via a mailing list.

As somebody else posted on this subject some time ago (maybe a week
ago; this thread has been limping on for a long time) it helps one
identify participants on the list whose views seem to lucid, practical
& knowledgeable. I've found it unfortunate that after returning to
this list after several years away, I've actually had to send several
poster's addresses to /dev/null because of their rudeness & downright
bad manners. So any tool to identify genuinely helpful Debian users
who use these lists in a responsible manner is most welcome.

Cheers,

  Phil...

- -- 
currently (ab)using
Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPr8gwAAoJECPmYW6gk8JjWhAH/iT19Ggx09w9puciVunNaECS
wr9bMe8HaDxcXPsiooRLyEwPf6vaEU7+7efGnEpdb3C+IhUG5QsoUCiwjwQPN4Mt
HIcaERaVDP2rt0uaY3626+A3O1UaDnBZJ1+bDScHWw6q35MxXrFbhB7WqU8UmEj6
MJ06k2yIc+1vjJ7sAMR2Gk3horiPWoLkl16eAQkF+TlzSbeNCFxHpeZnXg4Ngydu
6qJNDvFrXq3obLZinLkb9cBqQc9eSgjjB39MljMn+PAYXcE5UHWn70DFzR72zeS0
wOMcgWUCYlbhA9FQHmFVAKC2UcHJjXMkQs/Ey7u2ytetPyaox+foGEmpBm8l+Z4=
=i6cU
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: OT: More about GPG signing
  - From: Andrei POPESCU <andreimpopescu@gmail.com>

References:
- Debian Administrator's Handbook
  - From: Lars Noodén <lars.nooden@gmail.com>
- Re: Debian Administrator's Handbook
  - From: Phil Dobbin <bukowskiscat@gmail.com>
- OT: More about GPG signing
  - From: Tony van der Hoff <tony@vanderhoff.org>
- Re: OT: More about GPG signing
  - From: Rob Owens <rowens@ptd.net>
- Re: OT: More about GPG signing
  - From: Tony van der Hoff <tony@vanderhoff.org>
- Re: OT: More about GPG signing
  - From: Slavko <linux@slavino.sk>
- Re: OT: More about GPG signing
  - From: Phil Dobbin <bukowskiscat@gmail.com>
- Re: OT: More about GPG signing
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: OT: More about GPG signing
  - From: Phil Dobbin <bukowskiscat@gmail.com>
- Re: OT: More about GPG signing
  - From: Jon Dowland <jmtd@debian.org>

Prev by Date: Re: To the list admins: Call for Ban on this SPAM
Next by Date: Re: multiboot problem in squeeze
Previous by thread: Re: OT: More about GPG signing
Next by thread: Re: OT: More about GPG signing
Index(es):
- Date
- Thread