Re: GPG and Signing

To: debian-user@lists.debian.org
Subject: Re: GPG and Signing
From: John Hasler <jhasler@debian.org>
Date: Sun, 01 Apr 2007 19:09:55 -0500
Message-id: <[🔎] 87zm5rd4bw.fsf@toncho.dhh.gt.org>
In-reply-to: <[🔎] 20070401233943.GA8331@localhost> (Michael Pobega's message of "Sun, 1 Apr 2007 19:39:43 -0400")
References: <[🔎] 20070401112654.5f89ad09@think.homenet> <[🔎] 20070401121106.GD3516@localhost> <[🔎] 20070401122439.GA3786@localhost> <[🔎] 20070401123711.GA4646@localhost> <[🔎] 20070401134247.09de9e9e@abydos.stargate.org.uk> <[🔎] 20070401133519.GA6182@localhost> <[🔎] 20070401145951.464a5cd8@abydos.stargate.org.uk> <[🔎] 87fy7kf84c.fsf@toncho.dhh.gt.org> <[🔎] 20070401162934.6baa904c@abydos.stargate.org.uk> <[🔎] 460FD5B3.6030804@cox.net> <[🔎] 20070401233943.GA8331@localhost>

Michael Pobega writes:
> Is it a bad practice to verify keyrings of people on the mailing list, or
> is it better to wait until I meet up with some of them at say Debconf or
> something similar?

Depends on what you mean by "verify".  There is nothing wrong with
downloading their public keys and using them to verify that all the
messages purporting to come from them are indeed signed with the same key
and so probably did come from the same person.  However, you should not
sign someone's key unless you have met them, interviewed them, and examined
and verified their credentials.
-- 
John Hasler

Reply to:

Follow-Ups:
- Re: GPG and Signing
  - From: Michael Pobega <pobega@gmail.com>

References:
- Re: GPG and Signing
  - From: Andrei Popescu <andreimpopescu@gmail.com>
- Re: GPG and Signing
  - From: Michael Pobega <pobega@gmail.com>
- Re: GPG and Signing
  - From: Florian Kulzer <florian.kulzer@icfo.es>
- Re: GPG and Signing
  - From: Michael Pobega <pobega@gmail.com>
- Re: GPG and Signing
  - From: Brad Rogers <brad@fineby.me.uk>
- Re: GPG and Signing
  - From: Michael Pobega <pobega@gmail.com>
- Re: GPG and Signing
  - From: Brad Rogers <brad@fineby.me.uk>
- Re: GPG and Signing
  - From: John Hasler <jhasler@debian.org>
- Re: GPG and Signing
  - From: Brad Rogers <brad@fineby.me.uk>
- Re: GPG and Signing
  - From: Ron Johnson <ron.l.johnson@cox.net>
- Re: GPG and Signing
  - From: Michael Pobega <pobega@gmail.com>

Prev by Date: Re: Debian User List
Next by Date: Re: Debian User List
Previous by thread: Re: GPG and Signing
Next by thread: Re: GPG and Signing
Index(es):
- Date
- Thread