Re: Migrating to GPG - A mini-HOWTO
> > > Again, no it isn't. How do they know that someone didn't
> > > steal your pgp key?
> > >
> > > How is this different from the question ``How does dinstall (or other
> > > person/program) know someone hasn't stolen [developer]'s PGP key?''
> > Because I can issue a key revocation if a key that I own is compromised.
> Why can you issue this revocation to the keyring for dinstall but not
> for the people who have signed your key?
But what if the person who *stole* my PGP key sent around the new
OpenPGP key for signature? I can't revoke it, as I don't have the
secret key, and there is now a key going around which looks like it's
mine and there's nothing I can do about it.
Julian Gilbey, Dept of Maths, QMW, Univ. of London. J.D.Gilbey@qmw.ac.uk
Debian GNU/Linux Developer, see http://www.debian.org/~jdg