[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: David D.W. Downey - Old Key 42D8F306 Signed by New Key C5A76BF6

On Thu, Apr 11, 2002 at 11:47:33AM -0500, Manoj Srivastava wrote:
> 	Have you done anything that I can't do as well right now? I
>  mean, I can download your old key, create a new one, and do all you
>  have outlined?
> 	manoj

Because I am not yet an official dd (I am waiting for the DAM Approval
as a lot of people), I don't have practical info about this particular
issue :

Would it be possible for the new 'David D.W. Downey' to hijack the
identity of the old 'David D.W. Downey' and then upload packages without
getting his new key signed by a dd ?

David : I understand that you are certainly the old and the new David
but we can not be sure and I am wondering if we have a security flaw
here. There is nothing personal, I hope your new key will be signed
soon. And this give me a good reason to check that my key is safe in
this regard.


Christophe Barbé <christophe.barbe@ufies.org>
GnuPG FingerPrint: E0F6 FADF 2A5C F072 6AF8  F67A 8F45 2F1E D72C B41E

Imagination is more important than knowledge.
   Albert Einstein, On Science

Attachment: pgpk3A5Ezwvft.pgp
Description: PGP signature

Reply to: