
Re: Signing Packages.gz

Hi Robert, 

On Mon, Apr 03, 2000 at 01:46:22PM +0200, Robert Bihlmeyer wrote:
> $ gpg --check-sigs testkey
> pub  1024D/36FF3F58 1999-07-24 Robert Bihlmeyer (Testkey - do not use)
> rev!       E6583EFB 2000-03-31  Robert Bihlmeyer <robbe@orcus.priv.at>
> sig!       36FF3F58 1999-07-24  Robert Bihlmeyer (Testkey - do not use)
> sig!       E6583EFB 2000-03-31  Robert Bihlmeyer <robbe@orcus.priv.at>
> This key is self-signed, signed by E6583EFB, and there's a revocation
> by E6583EFB on it, invalidating all signatures by E6583EFB.

I will never revoke a signature I made on a key because somebody leaves
Debian. That I signed that key tells people that he actually is that
person. If he leaves Debian he is still that person.

For example, the PGP of myself in the keyring has <t.landschoff@gmx.net> as
my address. In case I leave Debian I would still like to keep my key
signed just because it improves the web of trust.

Still, that key should not allow me to upload packages to master. And it
should prevent me from placing some package at a mirror stating it is
from Debian...

