[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Debconf-discuss] Key Signing at Debconf: Attend the BoF for Checksum reading!



On Sat, Aug 15, 2015 at 12:39 PM, Felipe Augusto van de Wiel (faw) <faw@funlabs.org> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 15/08/15 12:18, alberto fuentes wrote:



What I'm wondering is if we are doing a "Distribute KSP", why
we don't check the hash also in a distributed way?  By sharing
your hash when you are exchanging info to sign a key or by
sharing it publicly via people.debian.org, IRC, a mail list
thread, or even microblogging, anywhere you can say "here's my
hash, it matches anibal's hash".

The whole point to check the hash is so you only have to do it once... Otherwise, if you are going to do it with every person, you better check the fingerprint of that person instead :P
Reply to: