-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, Apr 01, 2007 at 08:50:02PM -0400, John Fleming wrote: > On Sun, Apr 01, 2007 at 07:09:55PM -0500, John Hasler wrote: > >Michael Pobega writes: > >> Is it a bad practice to verify keyrings of people on the mailing list, > >> or > >> is it better to wait until I meet up with some of them at say Debconf or > >> something similar? > > > >Depends on what you mean by "verify". There is nothing wrong with > >downloading their public keys and using them to verify that all the > >messages purporting to come from them are indeed signed with the same key > >and so probably did come from the same person. However, you should not > >sign someone's key unless you have met them, interviewed them, and > >examined > >and verified their credentials. > > > > What exactly is signing a key, and how does it work? > > I'd Google it...but I wouldn't know where to start. > ---------------------------------------------------------------- > > While we're still on this, why do most of your (Debian-users-who-sign) > emails show up in OE with the signature and the email text as attachments? > It seems whether I use GPG or a Thawte cert, they still don't show up as > attachments. Are you doing something "special" to make them show up that > way, and I assume there's something desirable about doing it that way - > please tell me. Makes it hostile to REPLY TO, at least with OE. I suppose > the problem is with OE, but I'd still like to understand what's happening. > THANKS! - John There are 2 kinds of signatures: in-line and attachment. Most folks here us attachment. I specify in-line, if the mailing list doesnt allow attachments. IIRC there was one OE thing for handling digital signatures, not that I've used OE in like 10 years... - -- | .''`. == Debian GNU/Linux == | my web site: | | : :' : The Universal |mysite.verizon.net/kevin.mark/| | `. `' Operating System | go to counter.li.org and | | `- http://www.debian.org/ | be counted! #238656 | | my keyserver: subkeys.pgp.net | my NPO: cfsg.org | |join the new debian-community.org to help Debian! | |_______ Unless I ask to be CCd, assume I am subscribed _______| -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGEFShv8UcC1qRZVMRAkx7AJ0UKtrnBRc9qa2d2TWgfIeHsrvr/wCgglzg g8Bs+KBN4IuVbCDXYfpVwQs= =vT6p -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
