https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #9 from Justin Mason <[email protected]> 2010-01-12 14:00:40 UTC --- (In reply to comment #8) > Over 500 people signed the new signing key? > > Without checking its photo id? =) > > I suppose this is OK, but is including all 200KB really necessary? > > +1 over 500 people signed keys that signed the key. (probably most are from keysigning parties that myself or Theo attended, I suspect) If it's safe, I'd like to trim down the 200KB to something smaller; can any GPG wizards indicate that it's ok to do so? my naive assumption is that if I was to do so, it would lessen people's ability to verify a web-of-trust between their own trusted keys, and our keys, assuming they were attempting to do so without a working connection to a keyserver (e.g. offline). Maybe the web-of-trust is moot in our use-cases, but I think it's a nice side benefit of using gpg. -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
