On Tue, Feb 25, 2014 at 09:10:00PM +0100, Kurt Roeckx wrote: > On Tue, Feb 25, 2014 at 10:51:56AM -0800, Russ Allbery wrote: > > Gunnar Wolf <gwolf@gwolf.org> writes: > > > Ian Jackson dijo [Mon, Feb 24, 2014 at 05:57:57PM +0000]: > > > > >> I think this is a bug. > > >> > > >> It can increase security because it can make operations more > > >> convenient at the same level of security, and because people trade off > > >> convenience for security. > > >> > > >> For example, it would be possible to have one key for email encryption > > >> and a different (more secure) key for package uploads. > > > > > Debian tools don't care which key you use for email encryption. > > > > Except for project DPL votes, no? > > I think the keys are used for voting and the email interfance for > db.debian.org. I'm not sure if we have any other services > checking the gpg signatures of emails. echelon checks the keyring, also. -- Luca Filipozzi http://www.crowdrise.com/SupportDebian
Attachment:
signature.asc
Description: Digital signature