Infrastructure status, 2008-08-19 UTC 0200
Patrick O'Callaghan
pocallaghan at gmail.com
Tue Aug 19 12:15:29 UTC 2008
On Tue, 2008-08-19 at 18:10 +0930, Tim wrote:
> Tim:
> >> Is it just me, or do others also think that a public email (even a
> >> signed one) would be almost the worst place to trust a fingerprint
> >> announcement?
>
> Laszlo BERES:
> > If the mail is correctly signed then it's OK.
>
> A message being correctly signed isn't quite the same thing as being
> able to verify that it's been produced by the person in question.
Signatures tell you that whoever produced them has the private key, the
rest is assumption.
poc
More information about the fedora-list
mailing list