On Sat, 2011-11-19 at 10:43 -0800, Fernando de Oliveira wrote: > I do not mind about the WARNING and do no sign. In the beginning, I > searched about this and the conclusion was that if someone posted > signatures with wrong intentions it would be spotted, so I waited one > day and then, trusted it.
My attitude is that if a package is signed with a key that I've not previously seen, I put the key ID into Google and see what comes back. Mostly, I'm looking for hits on the project's mailing lists, indicating that the key belongs to one of the maintainers... > I believe they are trustable (if there is this word in English). There is now... :) That said, "trustworthy" is the correct English word. Simon.
signature.asc
Description: This is a digitally signed message part
-- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
