[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: GPG and Signing

Hash: SHA1

On Sun, Apr 01, 2007 at 08:50:02PM -0400, John Fleming wrote:
> On Sun, Apr 01, 2007 at 07:09:55PM -0500, John Hasler wrote:
> >Michael Pobega writes:
> >> Is it a bad practice to verify keyrings of people on the mailing list, 
> >> or
> >> is it better to wait until I meet up with some of them at say Debconf or
> >> something similar?
> >
> >Depends on what you mean by "verify".  There is nothing wrong with
> >downloading their public keys and using them to verify that all the
> >messages purporting to come from them are indeed signed with the same key
> >and so probably did come from the same person.  However, you should not
> >sign someone's key unless you have met them, interviewed them, and 
> >examined
> >and verified their credentials.
> >
> What exactly is signing a key, and how does it work?
> I'd Google it...but I wouldn't know where to start.
> ----------------------------------------------------------------
> While we're still on this, why do most of your (Debian-users-who-sign) 
> emails show up in OE with the signature and the email text as attachments? 
> It seems whether I use GPG or a Thawte cert, they still don't show up as 
> attachments.  Are you doing something "special" to make them show up that 
> way, and I assume there's something desirable about doing it that way - 
> please tell me.  Makes it hostile to REPLY TO, at least with OE.  I suppose 
> the problem is with OE, but I'd still like to understand what's happening. 
> THANKS!  - John
There are 2 kinds of signatures: in-line and attachment. Most folks here
us attachment. I specify in-line, if the mailing list doesnt allow
attachments. IIRC there was one OE thing for handling digital
signatures, not that I've used OE in like 10 years...
- -- 
|  .''`.  == Debian GNU/Linux == |       my web site:           |
| : :' :      The  Universal     |mysite.verizon.net/kevin.mark/|
| `. `'      Operating System    | go to counter.li.org and     |
|   `-    http://www.debian.org/ |    be counted! #238656       |
|  my keyserver: subkeys.pgp.net |     my NPO: cfsg.org         |
|join the new debian-community.org to help Debian!              |
|_______  Unless I ask to be CCd, assume I am subscribed _______|
Version: GnuPG v1.4.6 (GNU/Linux)


Reply to: