Re: [debian-knoppix] FAQ: what is *.md5.asc file?
-----BEGIN PGP SIGNED MESSAGE-----
| From: Klaus Knopper <email@example.com>
| True, it's not explaind in the FAQ. On the other hand: People who don't
| know about detached signatures probably don't really need them, right?
I hope that you meant that sarcastically.
I agree that you need not force folks to use good security, but I
think you should help them in that direction.
gpg is an awkward tool with a daunting manual. Even the --help output
is scary. A simple annotated recipe, like the one I included, could
make appropriate use of .md5 and .md5.asc quite easy and painless for
many folks (not GUI users).
| I must admit that I don't really believe in the "Web of Trust", so,
| the only reliable way would be, to get the key directly from me (or
| its fingerprint), or, if you believe in the security scheme of these,
| from a public keyserver.
You could spread your key around so it is available a bunch of places.
Then subversion is harder. For example, in this mail message.
| You may also find my key(s) at
| but of course that is not a reliable way either.
My habit is to grab .iso files from a mirror (lessens the load on the
master server). But I get the .md5s and .md5.ascs from the most
authoriative source I can find. I hope that this reduces the chance of
I recommend that you put a link to your public key on the web page.
| I'm not sure whether this is really a "frequently asked" question. So
| far, you are about the third one asking in 2 years.
Sad, I'd say.
| Maybe a hint in the README on the mirrors would be sufficient?
Anything to make security easier is good, I'd say.
firstname.lastname@example.org voice: +1 416 482-8253
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
debian-knoppix mailing list