Re: RFC: gnupg

To: debian-devel@lists.debian.org
Subject: Re: RFC: gnupg
From: James Troup <james@nocrew.org>
Date: 05 Jul 1998 23:03:58 +0100
Message-id: <[🔎] dmmogv4lzu9.fsf@dcsun4.comp.brad.ac.uk>
In-reply-to: Zed Pobre's message of "Sun, 5 Jul 1998 16:52:22 -0500 (CDT)"
References: <[🔎] Pine.LNX.3.96.980705164337.8956A-100000@moebius.interdestination.net>

Zed Pobre <zed@moebius.interdestination.net> writes:

> >3) You will use your existing PGP key to sign your gpg key
> >   initially - I see no scope there for exploits, could you
> >   clarify?
> 
> You can't use an existing PGP key to sign a GPG key, not in the
> usual fashion anyway.  I suppose I could uuencode the GPG key output
> and sign THAT with my PGP key.

*sigh*.  Are you trolling?

gpg --armor --output mykey.asc --export "Joe Bloggs"
pgp -fast < mykey.asc > mykey.asc.pgp

Send the resulting mykey.asc.pgp in an email.  This is exactly what
everyone has done so far, even before I asked them to.  Obviously
wasn't that hard for people other than you to figure out.

Again, how the hell is this exploitable?  And do you think I would
seriously accept random GNUPG keys from current maintainers without
them being PGP signed?  That's _very_ insulting.  Maybe you are
trolling.

-- 
James
~Yawn And Walk North~                                  http://yawn.nocrew.org/

--  
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Re: RFC: gnupg
  - From: Zed Pobre <zed@moebius.interdestination.net>

Prev by Date: 1 source - several packages/maintainers
Next by Date: Re^2: non-free and "cd-ok", again
Previous by thread: Re: RFC: gnupg
Next by thread: Re: RFC: gnupg
Index(es):
- Date
- Thread