mailing list pgp signatures...

David dgboles at comcast.net
Tue Jul 14 15:17:05 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 7/14/2009 8:24 AM, Bruno Wolff III wrote:
> On Mon, Jul 13, 2009 at 14:04:11 -0400,
>   "Steven W. Orr" <steveo at syslang.net> wrote:
>>
>> But what G did was much worse. He insisted on putting a little bomb in his
>> mail that causes a number of us to just plain hang for periods that are
>> measured in minutes, not just once, but for every message that he sends and
>> for every time that we try to read it. Having a lack of respect for other
>> people's time is way high up on my list of things that make me go out of my
>> way to resort to blacklisting.
> 
> That sounds like a problem with the mail client you are using and should
> probably be reported as a bug against that client. The lookups should be
> out of band and there should probably be some negative caching support
> as well.


It is a 'setting', if you wish, to auto-retrieve signing keys from
keyservers. Keyservers, as can all servers, be slow at times. The more
keyservers that you check the longer it takes. The retrival ends with
the first server that has to key.

Say the user has four keyservers selected. There are many. Each time the
user receives a signed message with an unknown key the program goes out
and tries to find the key as it not available on the users keyring and
the program then adds it to the keyring. The next time a signed message,
using that key, is received it is marked as 'known' and that way there
is no need for a search.

If a signer does not publish his/her key the search process happens for
each and every message. For each and every person using the GnuPG system
that reads the post. Or re-reads it.

My request, it was never a demand in spite of what others have said, was
to publish the key or not sign to the list. And I used the word 'please'
twice. Several users have agreed with me. And several users have agree
with him. Fair enough.

His response to my request was insults and name-calling. Did I disable
my system, which is setup the way I like it, to suit the wishes of
another? No. I did not. I disabled the other person from me. He gets to
keep his system setup the way he wants. I no longer have to deal with
his posts signed with an unpublished key.

Problem solved for both of us IMO. By me.
- -- 


  David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAkpcoXEACgkQrItTyWRhT1YnpQCdFYt+aDfLc6CPFsprRHrOpQdn
38kAoJ2ilxWWzylUwbFxhYenUhAa4sol
=A763
-----END PGP SIGNATURE-----




More information about the fedora-list mailing list