[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [debian-knoppix] FAQ: what is *.md5.asc file?


| From: Klaus Knopper <knopper@linuxtag.org>

| True, it's not explaind in the FAQ. On the other hand: People who don't
| know about detached signatures probably don't really need them, right?

I hope that you meant that sarcastically.

I agree that you need not force folks to use good security, but I
think you should help them in that direction.

gpg is an awkward tool with a daunting manual.  Even the --help output
is scary.  A simple annotated recipe, like the one I included, could
make appropriate use of .md5 and .md5.asc quite easy and painless for
many folks (not GUI users).

| I must admit that I don't really believe in the "Web of Trust", so,
| the only reliable way would be, to get the key directly from me (or
| its fingerprint), or, if you believe in the security scheme of these,
| from a public keyserver.

You could spread your key around so it is available a bunch of places.
Then subversion is harder.  For example, in this mail message.

| You may also find my key(s) at
| http://hydra.linuxtag.uni-kl.de/~knopper/knopper.asc
| but of course that is not a reliable way either.

My habit is to grab .iso files from a mirror (lessens the load on the
master server).  But I get the .md5s and .md5.ascs from the most
authoriative source I can find.  I hope that this reduces the chance of

I recommend that you put a link to your public key on the web page.

| I'm not sure whether this is really a "frequently asked" question. So
| far, you are about the third one asking in 2 years.

Sad, I'd say.

| Maybe a hint in the README on the mirrors would be sufficient?

Anything to make security easier is good, I'd say.

Hugh Redelmeier
hugh@mimosa.com  voice: +1 416 482-8253

Version: 2.6.3ia
Charset: noconv


debian-knoppix mailing list

Reply to: