PGP use (was Re: uploaded package handling)
In message <[🔎] m0u6WJR-00063bC@mongo.pixar.com>, Bruce Perens writes:
>PGP is free, and it lets us have us some confidence that the person who
>sent the package really is the maintainer. Given the potential for trojan
>horse attacks, that's important.
>Uh, I guess that means I have to start using it too. I bought Zimmerman's
>manual and haven't had time to read it.
If you happen to edit your email with Emacs, I (and I suspect Andy
Guy) can unequivocably recommend MailCrypt. It makes it so easy it's
almost not fun.
If you use a less-kitchen-sinkish editor than Emacs, it's probably
best to keep a copy of mailx around just for this---so you can edit
your message, sign by hand and then send by piping it in.
Just remember pgp -h and pgp -k---they're your two informational
switches.
Now, does anyone have any ideas about what would be involved in
setting up a "Debian key server", so that we can have a distribution
point for all of these keys?
Mike.
--
"Don't let me make you unhappy by failing to be contrary enough...."
Reply to: