Re: OT: More about GPG signing
On Thu, 10 May 2012 18:57:45 +0100, Tony van der Hoff wrote:
> I've learned a lot about GPG signing during the last few days. I can see
> there are benefits where the recipient needs to be absolutely certain
> that the sender is known to him.
And also the sender wants to ensure his/her posts are not impersonated.
<mode remember on>
We once faced a problem with faked posts in another mailing list. There
was a user (with a severe Tourette Syndrom) that sent messages with the
intention to fake the real sender who were usual participants on that
mailing list. Since that episode, many users started to sign their posts
to avoid further problems and misinterpretations.
</mode remmber off>
> That is certainly not the way mailing lists work, so causing a block of
> some 400 characters to be sent to each and every subscriber is pure
> self-indulgence, on the scale of insisting on sending HTML-formatted
> mail. On balance, I think I prefer the latter.
Not at all because is not a sender's problem that the recipient of his/
her message uses a MUA that can't handle GPG/GPG signatures. And there is
no rule in Debian mailing list Code of Conduct that says nothing against
the usage of this while there is one about using HTML based formatted
posts. In the end, GPG/PGP signatures can be also handled from a terminal
console and they don't break the content of the message which can be
still be read in clear text (even if they cannot be verified) thus you
can't compare the hassle that causes a GPG/PGP signature with the
nuisance of HTML messages: GPG/PGP signatures fallback mode is user-
friendly and fair.
> I have come to the conclusion that a GPG signature in these
> circumstances says more about the sender's sense of self-importance than
> anything else.
I don't know how is that you reached to that conclusion. Maybe is that
you should revisit your understanding on what a GPG/PGP signature is all