On Saturday 23 December 2006 14:51, Robert J. Hansen wrote:
> Mike Frysinger wrote:
> > i do signing of Gentoo packages and historically i would just
> > generate a new key and sign that with my normal public one ... when
> > the last one expired, i decided to try and use subkeys
>
> This may be bad policy on your part. The average Gentoo user is not
> going to be an expert on cryptography or the OpenPGP protocol. Keeping
> things as simple as possible for them is probably better than getting
> clever with subkeys, especially since there are some interesting edge
> cases there.

the average Gentoo user isn't going to ever care or even notice ... the signing aspects are all handled by portage

user does `emerge pkg` and emerge goes and validates all of the keys

> > so my main key i get everyone to sign is E837F581 and i use that when
> > signing my e-mails ... i created a new subkey just for signing
> > Gentoo packages and that is 205D3103
>
> Generally speaking, people don't sign keys; they sign user IDs.

sorry, yes ... they've been signing my Gentoo uid

> > ... now when i sign e-mails or files, my main key is no longer used,
> > just my subkey ... how can i control this behavior ?
>
> Use the "!" symbol to explicitly specify a subkey. E.g.,

thanks

> I would suggest rethinking your strategy, however.

and what would you suggest ? create brand new key sets when the previous one expires ? i thought one of the points of subkeys is to minimize this sort of management
-mike
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
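The key-selection behaviour discussed in this message, as an added example that is not part of the original thread: it builds a constructed throwaway key (primary plus one signing subkey) in a temporary keyring and reports which key actually signs with and without the `!` suffix. It assumes GnuPG 2.1 or later; the user ID, file names and the helper names `g` and `signer_of` are hypothetical.

```shell
#!/bin/sh
# Added demo: constructed throwaway key in a temporary keyring (GnuPG 2.1+).
GNUPGHOME="$(mktemp -d)"; export GNUPGHOME   # never touches the real ~/.gnupg
trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT

# g: gpg in unattended mode with an empty passphrase (demo key only).
g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# Primary key (certify + sign), then a dedicated signing subkey.
g --quick-generate-key 'Demo Signer <demo@example.invalid>' ed25519 sign never
PRIMARY=$(gpg --batch --with-colons --list-keys |
          awk -F: '$1=="fpr"{print $10; exit}')
g --quick-add-key "$PRIMARY" ed25519 sign never
SUBKEY=$(gpg --batch --with-colons --list-keys |
         awk -F: '$1=="fpr" && ++n==2 {print $10}')

# signer_of SPEC: sign a sample file with --local-user SPEC, then print the
# fingerprint of the key that made the signature (first VALIDSIG argument).
signer_of() {
    msg="$GNUPGHOME/msg.txt"; sig="$GNUPGHOME/msg.sig"
    printf 'constructed sample message\n' > "$msg"
    rm -f "$sig"
    g --local-user "$1" --output "$sig" --detach-sign "$msg" || return 1
    gpg --batch --status-fd 1 --verify "$sig" "$msg" 2>/dev/null |
        awk '$2=="VALIDSIG"{print $3}'
}

echo "primary key     : $PRIMARY"
echo "signing subkey  : $SUBKEY"
# Without "!", gpg prefers a signing-capable subkey over the primary key.
echo "-u PRIMARY  uses: $(signer_of "$PRIMARY")"
# With "!", gpg uses exactly the key named, primary or subkey.
echo "-u PRIMARY! uses: $(signer_of "${PRIMARY}!")"
echo "-u SUBKEY!  uses: $(signer_of "${SUBKEY}!")"
```

With the key IDs quoted in the thread, the equivalent selectors would be `--local-user 'E837F581!'` for the main key and `--local-user '205D3103!'` for the package-signing subkey.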
