On Sat, Aug 15, 2015 at 12:49:43PM +0200, alberto fuentes wrote: > > What I'm wondering is if we are doing a "Distribute KSP", why > > we don't check the hash also in a distributed way? By sharing > > your hash when you are exchanging info to sign a key or by > > sharing it publicly via people.debian.org, IRC, a mail list > > thread, or even microblogging, anywhere you can say "here's my > > hash, it matches anibal's hash". > The whole point to check the hash is so you only have to do it once... > Otherwise, if you are going to do it with every person, you better check > the fingerprint of that person instead :P I think we strongly need a proper list of things to do when you want to sign a key/get one signed, to avoid confusion. -- WBR, wRAR
Attachment:
signature.asc
Description: Digital signature