On Wed, Sep 15, 1999 at 01:01:18PM +0200, Paul Slootman wrote: > I think his point is that if you can't trust a pgp signature to > sign a gpg key, why should trust a pgp signature to do anything > at all, e.g. accept an uploaded package. Seems like a reasonable > argument. Because the real user can undo one action and not the other. Because the integrity of multiple keys is compromised in one case and not the other. If I lose my key, that's a bad thing (but I can undo it). If I lose my key and then someone gets *you* to start signing bogus stuff, that's worse (and I can't undo it). In the particular case of debian packages this might not be that big a deal. (Except that it starts down the road of following bad practices--if I trust pgp sigs so much, why not sign your key since that other guy signed it...) In the larger case of maintaining the integrity of the web of trust, this is a much larger problem. Mike Stone
Attachment:
pgppsYzeC7wsq.pgp
Description: PGP signature