> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Troels Arvin > Sent: 03 December 2004 16:58 > To: [EMAIL PROTECTED] > Subject: Re: [pgadmin-hackers] New ftp layout > > On Fri, 03 Dec 2004 16:21:42 +0000, blacknoz wrote: > > > Why don't you /simply/ upload your key to a keyserver? > > I should and I will, some day, when I get around to it (my > older keys were also on keyservers). But I'm not very fond of > keyservers; there seems to be several, uncoordinated key > server projects and it's not clear where to go. Also: There > is no way to revoke a key if you don't haven't prepared for > revocation. Yes, one _should_ prepare for revocation, but > that might not be clear to the beginner (like it wasn't clear > to me when I started using PGP), so the keyservers slowly > become cluttered with useless public keys (like my first key > for which I forgot the pass phrase).
Ooh, that sounds *so* familiar - that's why there is an invalid [EMAIL PROTECTED] key on keyserver.pgp.com that I can't delete! > At any rate, in my opinion, people should be able to use RPM > signature verification of the files distributed by pgadmin > without having to use key-servers. Thus, it's still relevant > that downloaders are somehow instructed in how to get the > needed keys for RPM verification. My key is on the website. It should probably be linked from the hall of fame (http://www.pgadmin.org/pgadmin3/hall_of_fame.php) but currently is only linked from the download page. <snip> > To sum up: I believe that signing of RPMs (and other types of > signing) is of high practical use, and the pgadmin project > should make use of it. Agreed. I strongly encourage all our packagers to sign their work. Regards, Dave. ---------------------------(end of broadcast)--------------------------- TIP 6: Have you searched our list archives? http://archives.postgresql.org
