Re: Authentication with LP for DD's using gnupg

To: debian-devel@lists.debian.org
Subject: Re: Authentication with LP for DD's using gnupg
From: Jonathan McDowell <noodles@earth.li>
Date: Fri, 1 Aug 2008 17:10:39 +0100
Message-id: <[🔎] 20080801161039.GW30002@earth.li>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20080801153252.GA30067@dario.dodds.net>
References: <[🔎] 1217583772.3828.26.camel@dwarf.codehelp> <[🔎] 20080801100734.GJ6779@ftbfs.de> <[🔎] 20080801153252.GA30067@dario.dodds.net>

On Fri, Aug 01, 2008 at 08:32:52AM -0700, Steve Langasek wrote:
> On Fri, Aug 01, 2008 at 12:07:34PM +0200, Martin Zobel-Helas wrote:
> > rsync keyring.debian.org::keyrings/keyrings/debian-keyring.gpg 
> > can be synced publicly
> 
> Well, what trust path does that give us if LP uses rsync to copy the data?
> It would seem possible for someone to steal a DD's LP account then by
> MITM'ing this rsync.
 
There's an md5sums.txt file included in the rsync (keyrings/md5sums.txt)
that will either be signed by me (5B430367) or James Troup (AB2A91F5).

J.

-- 
101 things you can't have too much of : 11 - Coffee.
This .sig brought to you by the letter J and the number 47
Product of the Republic of HuggieTag

Reply to:

References:
- Authentication with LP for DD's using gnupg
  - From: Neil Williams <codehelp@debian.org>
- Re: Authentication with LP for DD's using gnupg
  - From: Martin Zobel-Helas <zobel@ftbfs.de>
- Re: Authentication with LP for DD's using gnupg
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Re: Bug#493236: ITP: wp-openid -- OpenID consumer plugin for WordPress
Next by Date: Bug#493255: ITP: libemail-thread-perl -- provide threading for Email::Simple objects based on Mail::Thread
Previous by thread: Re: Authentication with LP for DD's using gnupg
Next by thread: Re: Authentication with LP for DD's using gnupg
Index(es):
- Date
- Thread