On Sat, Apr 01, 2000 at 03:38:29PM +0200, Marcus Brinkmann wrote: > I could not trust either. The former, because it is stored on a network > connected machine, the latter because it is transfered over the net (if it > is shared among the security team). Of course, if the security team use > their personal key in the latter case, I can trust it. Are you really sure that no developer stores their key on a net connected machine? Also, what's so fundamentally wrong with transferring a secret key over the net? Hint: PGP does it every time you send an encrypted email. Cheers, aj -- Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/> I don't speak for anyone save myself. GPG encrypted mail preferred. ``The thing is: trying to be too generic is EVIL. It's stupid, it results in slower code, and it results in more bugs.'' -- Linus Torvalds
Attachment:
pgp3VY61mWBb9.pgp
Description: PGP signature