On 03/12/2014 05:01 PM, Ximin Luo wrote: > Sure - I meant to emphasize that the debian keyserver additionally then takes > this information and puts it into the debian-keyring package, assuming that > it is valid (in a way that other keyservers do not), and distributes this to > other people with implicit authority. Fortunately, I haven't seen an actual > abuse of this.
to my knowledge, this data is not synced automatically from the debian
keyserver; there is a manual step where keyring-maint (which is a team
of humans) considers what to import. I'm happy to clarify this with the
team, though.
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
