* 2025-08-30 20:02:13+0000, Andy Smith wrote:

> It's not even restricted to the email part; in the distant past I
> submitted my public key to keyrings that were distributed by
> organisers prior to "key signing" parties with the idea of making the
> process faster¹, then I wasn't able to attend. Yet still tens of
> participants sent me back signed copies of my key. I wasn't even
> *there* yet there are tens of people who were willing to sign with
> absolute authority that they met me and checked my government ID.

That's terrible. I think it says that any social event is a big risk for security: people tend to do what the queued people do before them.

> Honestly I don't think it matters what I as the sender do or think.
> The almost insurmountable problem is that I need to communicate with
> normal people and normal people just do not know what to do with any
> form of PGP-encrypted email.

"Normal people" are out of the question anyway. But yes, e-mail encryption can't be really trusted even among technical Linux people.

OpenPGP works best in signing and verifying signatures: sign files, work in a Git repository, Linux repositories etc. At important stages the verification happens automatically (by "apt", for example).

-- 
/// Teemu Likonen - .-.. https://www.iki.fi/tlikonen/
// OpenPGP: 6965F03973F0D4CA22B9410F0F2CAE0E07608462