On 2002.01.24, in <[EMAIL PROTECTED]>, "Mike Schiraldi" <[EMAIL PROTECTED]> wrote: > > also, since most people on the list don't know you in real life, all > > they know is that you're the same person who has always been writing > > email under that name and with that PGP key. there's no real advantage > > to doing this IMHO in most cases. > > I disagree -- if Thomas didn't sign all his messages, i could write a > message to this list, pretending to be him, and say, "Hey, there's a problem > with mutt. You should all immediately apply the following patch. And don't > worry about checking to make sure that it's not a trojan horse; after all, > i'm Thomas. You can trust me."
Thomas *doesn't* sign all his messages. I'm happy with that; he signs patches and other messages which regard potential threats to mutt's code base. PGP certainly should be used when the message requires some trust. I don't think you'll find many people (if any) arguing with that. What's at issue is: when is trust required? Some feel that it's always required to ever be useful; others think it's only required on occasion. But we've been over it many times on this list, and perhaps it's time to talk about Mutt. I apologize for posting on this subject, but the incorrect information seemed to be a bit of a threat. :) (I'd sign this message, but my key is currently expired.) -- -D. [EMAIL PROTECTED] NSIT University of Chicago
