Re: GPG and Signing

To: debian-user@lists.debian.org
Subject: Re: GPG and Signing
From: cga2000 <cga2000@optonline.net>
Date: Sun, 01 Apr 2007 22:16:10 -0400
Message-id: <[🔎] 20070402021609.GH807@turki.gavron.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20070402003219.GB24096@localhost>
References: <[🔎] 20070401123711.GA4646@localhost> <[🔎] 20070401134247.09de9e9e@abydos.stargate.org.uk> <[🔎] 20070401133519.GA6182@localhost> <[🔎] 20070401145951.464a5cd8@abydos.stargate.org.uk> <[🔎] 87fy7kf84c.fsf@toncho.dhh.gt.org> <[🔎] 20070401162934.6baa904c@abydos.stargate.org.uk> <[🔎] 460FD5B3.6030804@cox.net> <[🔎] 20070401233943.GA8331@localhost> <[🔎] 87zm5rd4bw.fsf@toncho.dhh.gt.org> <[🔎] 20070402003219.GB24096@localhost>

On Sun, Apr 01, 2007 at 08:32:19PM EDT, Michael Pobega wrote:
> On Sun, Apr 01, 2007 at 07:09:55PM -0500, John Hasler wrote:
> > Michael Pobega writes:
> > > Is it a bad practice to verify keyrings of people on the mailing list, or
> > > is it better to wait until I meet up with some of them at say Debconf or
> > > something similar?
> > 
> > Depends on what you mean by "verify".  There is nothing wrong with
> > downloading their public keys and using them to verify that all the
> > messages purporting to come from them are indeed signed with the same key
> > and so probably did come from the same person.  However, you should not
> > sign someone's key unless you have met them, interviewed them, and examined
> > and verified their credentials.
> >
> 
> What exactly is signing a key, and how does it work?
> 
> I'd Google it...but I wouldn't know where to start.

When I can't think of the right keywords to google for straight answers
I usually enter "wiki subject" (with a few variations) on the "advanced
search" screen until I pull out stuff that looks vaguely promising ..
read a few articles ..  follow a few links .. etc.  try to acquire a bit
of background .. jot down a few buzzwords .. then get back to google
with a better idea what I'm looking for .. start over .. etc.

Not a magic bullet .. time-consuming .. but in my case this approach
has proved fairly helpful so far.

HTH

Thanks,
cga

Reply to:

Follow-Ups:
- Re: GPG and Signing
  - From: Michael Pobega <pobega@gmail.com>

References:
- Re: GPG and Signing
  - From: Michael Pobega <pobega@gmail.com>
- Re: GPG and Signing
  - From: Brad Rogers <brad@fineby.me.uk>
- Re: GPG and Signing
  - From: Michael Pobega <pobega@gmail.com>
- Re: GPG and Signing
  - From: Brad Rogers <brad@fineby.me.uk>
- Re: GPG and Signing
  - From: John Hasler <jhasler@debian.org>
- Re: GPG and Signing
  - From: Brad Rogers <brad@fineby.me.uk>
- Re: GPG and Signing
  - From: Ron Johnson <ron.l.johnson@cox.net>
- Re: GPG and Signing
  - From: Michael Pobega <pobega@gmail.com>
- Re: GPG and Signing
  - From: John Hasler <jhasler@debian.org>
- Re: GPG and Signing
  - From: Michael Pobega <pobega@gmail.com>

Prev by Date: 'don't have permission to access" of mediwiki1.7 with apache2
Next by Date: Re: CONFIG_SOFTWARE_SUSPEND=y, ACPI, and uswsusp
Previous by thread: Re: GPG and Signing
Next by thread: Re: GPG and Signing
Index(es):
- Date
- Thread