Re: GPG and Signing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, Apr 01, 2007 at 08:50:02PM -0400, John Fleming wrote:
> On Sun, Apr 01, 2007 at 07:09:55PM -0500, John Hasler wrote:
> >Michael Pobega writes:
> >> Is it a bad practice to verify keyrings of people on the mailing list, or
> >> is it better to wait until I meet up with some of them at say Debconf or
> >> something similar?
> >
> >Depends on what you mean by "verify". There is nothing wrong with
> >downloading their public keys and using them to verify that all the
> >messages purporting to come from them are indeed signed with the same key
> >and so probably did come from the same person. However, you should not
> >sign someone's key unless you have met them, interviewed them, and examined
> >and verified their credentials.
> >
>
> What exactly is signing a key, and how does it work?
>
> I'd Google it...but I wouldn't know where to start.
> ----------------------------------------------------------------
>
> While we're still on this, why do most of your (Debian-users-who-sign)
> emails show up in OE with the signature and the email text as attachments?
> It seems whether I use GPG or a Thawte cert, they still don't show up as
> attachments. Are you doing something "special" to make them show up that
> way, and I assume there's something desirable about doing it that way -
> please tell me. Makes it hostile to REPLY TO, at least with OE. I suppose
> the problem is with OE, but I'd still like to understand what's happening.
> THANKS! - John
There are 2 kinds of signatures: in-line and attachment. Most folks here
use attachment. I specify in-line, if the mailing list doesn't allow
attachments. IIRC there was one OE thing for handling digital
signatures, not that I've used OE in like 10 years...
- --
| .''`. == Debian GNU/Linux == | my web site: |
| : :' : The Universal |mysite.verizon.net/kevin.mark/|
| `. `' Operating System | go to counter.li.org and |
| `- http://www.debian.org/ | be counted! #238656 |
| my keyserver: subkeys.pgp.net | my NPO: cfsg.org |
|join the new debian-community.org to help Debian! |
|_______ Unless I ask to be CCd, assume I am subscribed _______|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGEFShv8UcC1qRZVMRAkx7AJ0UKtrnBRc9qa2d2TWgfIeHsrvr/wCgglzg
g8Bs+KBN4IuVbCDXYfpVwQs=
=vT6p
-----END PGP SIGNATURE-----
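
Added example, not part of the original message: a Python sketch that tells the two signature styles mentioned above apart, "attachment" (PGP/MIME, a multipart/signed message) and in-line (clearsigned body), and recovers the signed text. For the in-line case it undoes dash-escaping, which is why the signature delimiter in the message above appears as "- --". Both sample messages, the addresses and the placeholder signature data are constructed, and classify() is a hypothetical helper name; it does not verify any signature.

```python
import email
from email import policy

# Constructed sample messages (not taken from the thread).
INLINE = (
    "From: a@example.org\nSubject: test\n\n"
    "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n"
    "Hello list,\n- -- \nsig line\n"
    "-----BEGIN PGP SIGNATURE-----\n\nCONSTRUCTEDPLACEHOLDER=\n"
    "-----END PGP SIGNATURE-----\n"
)
MIME = (
    "From: a@example.org\nSubject: test\nMIME-Version: 1.0\n"
    "Content-Type: multipart/signed; micalg=pgp-sha1;\n"
    ' protocol="application/pgp-signature"; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nHello list,\n"
    '--b1\nContent-Type: application/pgp-signature; name="signature.asc"\n\n'
    "-----BEGIN PGP SIGNATURE-----\n\nCONSTRUCTEDPLACEHOLDER=\n"
    "-----END PGP SIGNATURE-----\n--b1--\n"
)

def classify(raw):
    """Return ('pgp-mime' | 'inline' | 'unsigned', signed_text_or_None)."""
    msg = email.message_from_string(raw, policy=policy.default)
    if (msg.get_content_type() == "multipart/signed"
            and msg.get_param("protocol") == "application/pgp-signature"):
        parts = list(msg.iter_parts())
        # First part is the signed body, second the detached signature;
        # mail clients without PGP/MIME support show both as attachments.
        return "pgp-mime", parts[0].get_content()
    body = msg.get_body(preferencelist=("plain",))
    lines = body.get_content().splitlines() if body else []
    if "-----BEGIN PGP SIGNED MESSAGE-----" not in lines:
        return "unsigned", None
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
    end = lines.index("-----BEGIN PGP SIGNATURE-----", start)
    # Skip armor headers (e.g. "Hash: SHA1") up to the first blank line.
    blank = lines.index("", start)
    signed = lines[blank + 1:end]
    # Undo dash-escaping: a cleartext line "- --" was "--" originally.
    signed = [l[2:] if l.startswith("- ") else l for l in signed]
    return "inline", "\n".join(signed)
```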