Digital signatures

David Boles dgboles at gmail.com
Fri Jul 13 02:02:19 UTC 2007


on 7/12/2007 6:29 PM, Tim wrote:
> On Thu, 2007-07-12 at 10:01 -0700, Les wrote:
>> I am starting this thread because I see many folks signing their
>> emails with a digital signature. 
> 
> I don't see a problem in someone posting a signed message.  I do see a
> problem in believing that they are who they claim to be.  There isn't
> any verification done, it's self-signed (self created).  I've yet to
> find *any* GPG/PGP key that was counter-signed by another person, let
> alone one that was counter-signed by someone I trust.
> 
> I think that is a glaring omission when it comes to RPM packages, or
> even notices about updates.  Never mind e-mails.

There is a better chance of me being 'me' than there is of you being
'you'.  ;-)

Websites are signed, they have certificates, as well as packages are
signed by distributions. I would much rather trust a package signed by
Fedora than I would one without a signature. Or one that I do not know.

If you, for example, used GnuPG as I do, you and I could actually send
private emails. Ones that only you and I can read. Since every server
keeps a copy of everything that you post, not just you but everyone, just
about anyone can read what you write.

Kinda' makes you feel naked doesn't it?  ;-)
-- 

  David

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20070712/b968dc7d/attachment-0001.sig>

