Re: Migrating to GPG - A mini-HOWTO
Michael Stone wrote:
> > On Tue, Sep 14, 1999 at 03:38:34PM +0200, Marco d'Itri wrote:
> > > I signed my DSS key with the old RSA key and then asked people who
> > > signed the old key to sign the new one with their DSS key.
> > > This is easy and secure.
> > Again, no it isn't. How do they know that someone didn't steal your pgp
> > key?
> > How is this different from the question ``How does dinstall (or other
> > person/program) know someone hasn't stolen [developer]'s PGP key?''
> Because I can issue a key revocation if a key that I own is compromised.
Why can you issue this revocation to the keyring for dinstall but not
for the people who have signed your key?
Let's call it an accidental feature. --Larry Wall
Please always Cc to me when replying to me on the lists.