
Re: [debian-knoppix] FAQ: what is *.md5.asc file?



-----BEGIN PGP SIGNED MESSAGE-----


| From: Klaus Knopper <knopper@linuxtag.org>

| True, it's not explained in the FAQ. On the other hand: People who don't
| know about detached signatures probably don't really need them, right?

I hope that you meant that sarcastically.

I agree that you need not force folks to use good security, but I
think you should help them in that direction.

gpg is an awkward tool with a daunting manual.  Even the --help output
is scary.  A simple annotated recipe, like the one I included, could
make appropriate use of .md5 and .md5.asc quite easy and painless for
many folks (not GUI users).

| I must admit that I don't really believe in the "Web of Trust", so,
| the only reliable way would be, to get the key directly from me (or
| its fingerprint), or, if you believe in the security scheme of these,
| from a public keyserver.

You could spread your key around so it is available a bunch of places.
Then subversion is harder.  For example, in this mail message.

| You may also find my key(s) at
| http://hydra.linuxtag.uni-kl.de/~knopper/knopper.asc
| but of course that is not a reliable way either.

My habit is to grab .iso files from a mirror (lessens the load on the
master server).  But I get the .md5s and .md5.ascs from the most
authoritative source I can find.  I hope that this reduces the chance of
subversion.

I recommend that you put a link to your public key on the web page.

| I'm not sure whether this is really a "frequently asked" question. So
| far, you are about the third one asking in 2 years.

Sad, I'd say.

| Maybe a hint in the README on the mirrors would be sufficient?

Anything to make security easier is good, I'd say.

Hugh Redelmeier
hugh@mimosa.com  voice: +1 416 482-8253

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBPotvjcFAuQPManGZAQFstQP/V97zBpDFT+7y9LIUgbL4wiy3Opo+tQeE
l3g0gJ3MUgdfKi9mPn6EIo76iPcaA6sbiO98kRM+QCsc3an2IW0oslikINB7r30p
odhTA1DUi3vz8XZkRSSBGQ+1ka5CkQVha9P3JXSi/c1+GbETkDpVjhIzsKmD/w0r
yljazqZmh2o=
=w0zI
-----END PGP SIGNATURE-----
