[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: State of the debian keyring

On Tue, Feb 25, 2014 at 10:51:56AM -0800, Russ Allbery wrote:
> Gunnar Wolf <gwolf@gwolf.org> writes:
> > Ian Jackson dijo [Mon, Feb 24, 2014 at 05:57:57PM +0000]:
> >> I think this is a bug.
> >> 
> >> It can increase security because it can make operations more
> >> convenient at the same level of security, and because people trade off
> >> convenience for security.
> >> 
> >> For example, it would be possible to have one key for email encryption
> >> and a different (more secure) key for package uploads.
> > Debian tools don't care which key you use for email encryption.
> Except for project DPL votes, no?

I think the keys are used for voting and the email interfance for
db.debian.org.  I'm not sure if we have any other services
checking the gpg signatures of emails.


Reply to: