> attached (valid) GPG/PGP signatures (from a valid developer?)" -- valid GPG signature present on public servers, not necessarily from a valid DD seems to be a valid scheme. I haven't seen any spam GPG signed yet
-- another idea would be to use the same authentication as used by most
of the mailing list servers -- verification of intent: confirmation
email sent to the originating email address and reply to it keeping
subject with a key code intact would verify that it was a valid request.
Otherwise original request expires in a day or two if it doesn't get
confirmed.
Then anyone who wants automate this process writes a 2 liner procmail
rule ;-)
My 2 kopeyki (ie cents)
--
.-.
=------------------------------ /v\ ----------------------------=
Keep in touch // \\ (yoh@|www.)onerussian.com
Yaroslav Halchenko /( )\ ICQ#: 60653192
Linux User ^^-^^ [175555]
pgpP61H8uv0XZ.pgp
Description: PGP signature
