mailing list pgp signatures...
Mikkel L. Ellertson
mikkel at infinity-ltd.com
Mon Jul 13 19:37:05 UTC 2009
Steven W. Orr wrote:
> On 07/13/09 14:21, quoth Mikkel L. Ellertson:
>
>> You know, there is a simple fix to this - someone that has G's
>> public key could upload it to a keyserver. <evil>Now, if someone
>> wanted to be nasty, they could upload a fake public key with his
>> email address. Then if there is anything to SPAMmers mining the
>> keyservers for e-mail addresses, the would get the flood of SPAM
>> anyway.</evil>
>
> Two wrongs don't make a right. Another established part of the etiquette is to
> never upload someone else's key without explicit permission. Lots of
> keyservers don't do subkeys and you don't really have the implicit permission
> to overwrite signatures on those machines. To do so would be at least as rude
> as not publishing a public key that's needed to verify a signature in a public
> mailing list.
>
If your mail setup is anything like mine, there is an option to
upload public keys. While I am fairly sure I wouldn't make the
mistake of uploading his key, I can see it happening. Because I do
not have his public key, at least I can not be blamed for doing it.
As far as uploading a fake key, will interesting to contemplate, I
wouldn't actually do it. I am just a bit more responsible that that.
Though I am starting to wounder why I adhere to proper net
etiquette. It seams like fewer people are following it, and if you
point out proper net etiquette, you get branded a LIST NAZI or TOP
POSTING NAZI. I guess it is a crime to ask others to be polite and
follow community guidelines.
My post was half serious, half joking. Kind of a hint about where
throwing out net etiquette can lead. After all, if all of us decided
that net etiquette didn't apply to us, then behavior I posted would
be just as acceptable as G's.
Mikkel
--
Culture dies when you can't see it,
build on it, be affected by it,
share it with your friends.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20090713/34fd54ca/attachment-0001.sig>
More information about the fedora-list
mailing list