GPG signatures
Tom Mitchell
mitch48 at sbcglobal.net
Tue Dec 30 21:23:40 UTC 2003
On Tue, 30 Dec 2003, Trevor Smith wrote:
> Agreed. I'm tempted too. All my musings on how relevant signing is if
> you auto-download keys, I like the idea of everyone picking *some*
> "identity" and signing everything.
This makes sense. Not because the identity of individual
messages in a public place is important but because a change in
identity signals a potential problem. There is still a question
about the life of a key and the process for updating to a new key
as all the up2date and yum troubles remind us.
BTW: There are some quality posters in this group. If one of
them posted a script that included some questionable command
(more subtle than "rm -r /") I might just go with it. If the
signature check failed then I would be my normal cautious self.
Yea, I suspect I will not use a digital signature on public lists
so that all my readers keep their cautious hat on. ;-)
--
T o m M i t c h e l l
mitch48 -a*t- yahoo-dot-com
More information about the fedora-list
mailing list