Re: OT: More about GPG signing
13.05.2012 14:31, Andrei POPESCU wrote: On Vi, 11 mai 12, 17:49:30, Phil Dobbin wrote: on the strength of that message, Slavko, it gave me great pleasure to import sign your key :-) Don't sign other keys unless you have met the owner in person. Kind regards, Andrei But if you trust a person who you haven't met, you can lsign with gpg --edit-key KEYID. -- [Mika Suomalainen](https://mkaysi.github.com/) || [gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) || [Why do I sign my emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) || [Please don't send HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) || [Please don't toppost](http://mkaysi.github.com/articles/complaining/topposting.html) || [This signature](https://gist.github.com/2643070)
Re: OT: More about GPG signing
On Du, 13 mai 12, 15:41:52, Phil Dobbin wrote: As somebody else posted on this subject some time ago (maybe a week ago; this thread has been limping on for a long time) it helps one identify participants on the list whose views seem to lucid, practical knowledgeable. I've found it unfortunate that after returning to this list after several years away, I've actually had to send several poster's addresses to /dev/null because of their rudeness downright bad manners. So any tool to identify genuinely helpful Debian users who use these lists in a responsible manner is most welcome. You might want to check if lsign would better suit your needs without affecting the web-of-trust. Kind regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic signature.asc Description: Digital signature
Re: OT: More about GPG signing
On Vi, 11 mai 12, 17:49:30, Phil Dobbin wrote: on the strength of that message, Slavko, it gave me great pleasure to import sign your key :-) Don't sign other keys unless you have met the owner in person. Kind regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic signature.asc Description: Digital signature
Re: OT: More about GPG signing
On Sb, 12 mai 12, 09:25:44, Slavko wrote: * It was a lot of searching for me to get MUA for Windows with GPG support (early mentioned Thunderbird and Enigmail) and i see no others equivalents exists (or only very old or commercial). Claws Mail and Sylpheed will do it. +1 on everything else you said :) Kind regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic signature.asc Description: Digital signature
Re: OT: More about GPG signing
On Sb, 12 mai 12, 01:45:37, Jochen Spieker wrote: [snip] +1 Kind regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic signature.asc Description: Digital signature
Re: OT: More about GPG signing
11.05.2012 19:53, Chris Bannister wrote: On Fri, May 11, 2012 at 03:18:02PM +0100, Brad Rogers wrote: Whilst the above is true, it's also true that inline signing isn't going away soon because of certain companies' reticence about implementing it correctly or at all. Where it refers to the PGP/MIME standard, of course. Even if Enigmail made PGP/MIME the default, or even better remove inline signing completely? Enigmail uses mailing list software which makes PGP/MIME unverifiable, because of headers. -- [Mika Suomalainen](https://mkaysi.github.com/) || [gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) || [Why do I sign my emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) || [Please don't send HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) || [Please don't toppost](http://mkaysi.github.com/articles/complaining/topposting.html) || [This signature](https://gist.github.com/2643070)
Re: OT: More about GPG signing
On Saturday 12 May 2012 08:25:44 Slavko wrote: [snip] I will accept that some (many???) people may think that the presence of Slavko's name fulfils no useful purpose other than supplying an ego-trip for him. But for me it had a use. I know (of?) Slavko from another list. I would certainly not have recognised his email address. I am partially sighted and skip long text strings that I see no value in decoding. But I recognised his name. And because I have always found his postings useful, and indeed extremely helpful, in both attitude and content, I read his email, which was long-ish and therefore marginally difficult. So, Slavko, your putting your name in the header helped me, even if it helped no-one else. So I am glad that you were lazy. ;-) Lisi -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201205131330.11311.lisi.re...@gmail.com
Re: OT: More about GPG signing
On 13/05/12 12:31, Andrei POPESCU wrote: On Vi, 11 mai 12, 17:49:30, Phil Dobbin wrote: on the strength of that message, Slavko, it gave me great pleasure to import sign your key :-) Don't sign other keys unless you have met the owner in person. If that was the strategy everybody adopted with PGP, there'd be very few, if any, keys signed, ever. Thanks for the advice but I think I'll pass. Cheers, Phil... -- currently (ab)using Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric -- Archive: http://lists.debian.org/4fafbeda.9020...@gmail.com
Re: OT: More about GPG signing
On Sun, May 13, 2012 at 03:02:02PM +0100, Phil Dobbin wrote: If that was the strategy everybody adopted with PGP, there'd be very few, if any, keys signed, ever. This *is* the strategy that most people use for PGP. Thanks for the advice but I think I'll pass. You are entitled to maintain whatever local policy for signing you want: but, it weakens your position in a web of trust if your signatures are 'weaker' than other peoples. It means any trust path that flows through a signature of yours is suspect. GPG lets you choose a 'trust level' for keys. I'd suggest at least using a low-level value for keys you haven't validated. -- Jon Dowland -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120513140517.GB32262@debian
Re: OT: More about GPG signing
On 13/05/12 15:05, Jon Dowland wrote: On Sun, May 13, 2012 at 03:02:02PM +0100, Phil Dobbin wrote: If that was the strategy everybody adopted with PGP, there'd be very few, if any, keys signed, ever. This *is* the strategy that most people use for PGP. Thanks for the advice but I think I'll pass. You are entitled to maintain whatever local policy for signing you want: but, it weakens your position in a web of trust if your signatures are 'weaker' than other peoples. It means any trust path that flows through a signature of yours is suspect. GPG lets you choose a 'trust level' for keys. I'd suggest at least using a low-level value for keys you haven't validated. In the case in question I used I will not answer I don't know as I do with virtually all the very few keys I sign via a mailing list. As somebody else posted on this subject some time ago (maybe a week ago; this thread has been limping on for a long time) it helps one identify participants on the list whose views seem to lucid, practical knowledgeable. I've found it unfortunate that after returning to this list after several years away, I've actually had to send several poster's addresses to /dev/null because of their rudeness downright bad manners. So any tool to identify genuinely helpful Debian users who use these lists in a responsible manner is most welcome. Cheers, Phil...
-- currently (ab)using Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric -- Archive: http://lists.debian.org/4fafc830.9010...@gmail.com
Re: OT: More about GPG signing
Hi, Dňa Sun, 13 May 2012 14:35:30 +0300 Andrei POPESCU andreimpope...@gmail.com napísal: On Sb, 12 mai 12, 09:25:44, Slavko wrote: * It was a lot of searching for me to get MUA for Windows with GPG support (early mentioned Thunderbird and Enigmail) and i see no others equivalents exists (or only very old or commercial). Claws Mail and Sylpheed will do it. I am translating the Claws Mail and i am using it in Debian, but i has serious problems in Windows 7 64bit, where it ignores command line options and then it is unusable for me - for example it was not possible to compose new mail from webbrowser... It was some problems under Windows XP too, but was usable. -- Slavko http://slavino.sk signature.asc Description: PGP signature
Re: OT: More about GPG signing
On Sun, May 13, 2012 at 03:02:02PM +0100, Phil Dobbin wrote: On 13/05/12 12:31, Andrei POPESCU wrote: On Vi, 11 mai 12, 17:49:30, Phil Dobbin wrote: on the strength of that message, Slavko, it gave me great pleasure to import sign your key :-) Don't sign other keys unless you have met the owner in person. If that was the strategy everybody adopted with PGP, there'd be very few, if any, keys signed, ever. Thanks for the advice but I think I'll pass. I think the point is that you do not necessarily have to sign a key in order for it to be useful. But if you sign keys without doing the same level of verification that I would do, then I can simply assign no trust to your key (which means that I don't trust the signatures that you've made to other keys). So your hypothetical low keysigning standards shouldn't affect me. When you sign a key, you are asked how carefully you have verified the key that you are signing. I have not checked at all is a choice. I'm not sure I see the point in signing if you haven't checked at all. Maybe someone on the list can explain that one. I do think that sometimes verifying a key through online means is more effective than meeting someone in person. I don't know what the owner of a particular website should look like, and I'm not an expert at validating passports, drivers licenses, or other forms of ID (particularly not foreign ones). But I can verify that the person in control of the website has had the same GPG key posted every time I visited that website for the past year. It might take me quite a while to sign a key using that method but it's a valid method, and I think I could easily be fooled by an in-person imposter. -Rob -- Archive: http://lists.debian.org/20120513234048.ga24...@aurora.owens.net
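Added example (not written by any poster in this thread): a simplified Python model of GnuPG's classic web-of-trust validity rule with its default thresholds, illustrating two points made in the messages above: the owner trust you assign to a lax signer decides whether their signatures count in your keyring, and a local (lsign) signature never leaves the signer's own keyring. The `Keyring` class and the key names `me`, `lax` and `stranger` are hypothetical; real GnuPG also checks expiry, revocation and the cryptographic validity of each signature.

```python
"""Simplified model of GnuPG's classic trust model (constructed example)."""
from dataclasses import dataclass

# Owner-trust levels: how far you trust a key's owner to certify other keys.
NONE, MARGINAL, FULL, ULTIMATE = "none", "marginal", "full", "ultimate"

# GnuPG defaults for the classic trust model.
COMPLETES_NEEDED = 1   # --completes-needed
MARGINALS_NEEDED = 3   # --marginals-needed
MAX_CERT_DEPTH = 5     # --max-cert-depth


@dataclass(frozen=True)
class Cert:
    """A key signature: signer vouches that target's key belongs to target."""
    signer: str
    target: str
    exportable: bool = True   # False models a local signature (lsign)


class Keyring:
    def __init__(self, owner):
        self.owner = owner
        self.ownertrust = {owner: ULTIMATE}   # your own key is ultimately trusted
        self.certs = set()

    def certify(self, target, local=False):
        """The keyring owner signs target's key; local=True models lsign."""
        self.certs.add(Cert(self.owner, target, exportable=not local))

    def exported(self):
        """Signatures that leave this keyring on export (local ones do not)."""
        return {c for c in self.certs if c.exportable}

    def import_certs(self, certs):
        self.certs |= set(certs)

    def valid_keys(self):
        """Keys this keyring considers valid, computed one trust hop per round."""
        valid = {self.owner}
        for _ in range(MAX_CERT_DEPTH):
            newly_valid = set()
            for target in {c.target for c in self.certs} - valid:
                # Only signatures made by already-valid keys are considered.
                signers = {c.signer for c in self.certs
                           if c.target == target and c.signer in valid}
                trust = [self.ownertrust.get(s, NONE) for s in signers]
                full = sum(t in (FULL, ULTIMATE) for t in trust)
                marginal = trust.count(MARGINAL)
                if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                    newly_valid.add(target)
            if not newly_valid:
                break
            valid |= newly_valid
        return valid


def lax_signer_demo():
    """'lax' signs 'stranger' without verification; I verified 'lax' in person."""
    lax = Keyring("lax")
    lax.certify("stranger")                 # ordinary, exportable signature
    mine = Keyring("me")
    mine.certify("lax")                     # lax's key itself is valid for me
    mine.import_certs(lax.exported())
    result = {}
    for level in (NONE, MARGINAL, FULL):
        mine.ownertrust["lax"] = level      # my opinion of lax as a certifier
        result[level] = "stranger" in mine.valid_keys()
    return result


def lsign_demo():
    """Same situation, but 'lax' uses a local signature instead."""
    lax = Keyring("lax")
    lax.certify("stranger", local=True)
    mine = Keyring("me")
    mine.certify("lax")
    mine.ownertrust["lax"] = FULL
    mine.import_certs(lax.exported())       # the local signature is not included
    return "stranger" in lax.valid_keys(), "stranger" in mine.valid_keys()


if __name__ == "__main__":
    print("stranger valid for me, by owner trust in lax:", lax_signer_demo())
    print("lsign: valid for lax / valid for me:", lsign_demo())
```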
Re: OT: More about GPG signing
On 12.5.2012 2:45, Jochen Spieker wrote: My main reason for signing public e-mails is to invite people to encrypt their e-mails to me. Signing is the easiest way to express that I (know how to) use PGP/GPG and that I prefer encrypted communication. In my opinion, the question is not why we should encrypt our communication, but why we should /not/. Of course, that is just an invitation which I think should be as unobtrusive as possible. PGP/MIME is the best way to do that. +1 -- FORTUNE PROVIDES QUESTIONS FOR THE GREAT ANSWERS: #4 A: Go west, young man, go west! Q: What do wabbits do when they get tiwed of wunning awound? signature.asc Description: OpenPGP digital signature
Re: OT: More about GPG signing
On Sat, 2012-05-12 at 08:59 +0300, Jari Fredriksson wrote: the question is not why we should encrypt our communication, but why we should /not/ I encrypt some of my communication by openPGP too. No doubt about it, there are valid reasons to encrypt some emails. But signing emails to an open mailing list to make people aware that you know how to encrypt mails IMO is improper. And btw. the question still is Why should we encrypt communication? and not Why shouldn't we encrypt communication?. I hope PGP fetishists are aware about other security issues, such as the possibility to read a tube monitor by using an antenna, from a neighboring house. I won't make all security gaps public. Cracking encryption takes 20 years with a super computer. The most common gap is to keep the personal key on the computer, since cracking the passphrase does take some minutes. Btw. I keep the personal key on my computer. For me PGP is just a way to ensure a low level security. PGP becomes useful for anonymous mailing etc.,when several servers are involved, but it's less secure for private mails. My mailer is able to display HTML, should I format in HTML to make people aware, that I'm able to read HTML formated text? For those using a 56k modem traffic might be important. I don't think that storage of emails is an issue for anybody. It might be more considerate to quit signing by default. Conspiracy regards, Ralf PS: A poster from a German high-rise bunker: Feind hört mit denk immer dran, vertrau nicht blind dem Nebenmann I try to translate: The enemy is always listening, don't trust the person beside you We should create a world of trust, instead of hanging on conspiracy theories. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1336805504.2741.26.camel@precise
Re: OT: More about GPG signing
Hi, Dňa Sat, 12 May 2012 12:36:25 +1000 Scott Ferguson scott.ferguson.debian.u...@gmail.com napísal: Paraphrase yes. Useful analogy I don't believe so. from your point of view... But from my point it is analogy. A better analogy would be:- Is the post reduced in value if Tony's was name was not added to the sender field? the same as above. At first i want to remove my name from this post, but i see, that i am very lazy ;-) My english is poor, then it is terrible to write long answers for me. I hope, that i will write it in proper manner... For me the name in sender has no value. For one good reason - i never meet anybody from this list, then i cannot create association with name and person, and then i mostly don't read the name at all. But, consider, that i will read this list for long time. After some time i will see that some senders posts here good solutions and another not. I am sure, that you know it: some people know what they are writing, and others are writing what they know... When i will want distinguish these senders i will read the names and then you will right. But now about principle - anybody on the word can add Slavko as name in sender header. Many people can add the whole line (Slavko linux(blee)slavino.sk) as sender (i want no discuss here why, who and when). As you can see, the sender header of the many people can be identical with my sender header. Then when i will depend on sender only, i can get false positives and then the real value of this field is nearer zero for me. Yes, here exists many people for which it is enough and many people, which do not know about unreliability of this header. And many others simply trust... Consider the same with PGP signature. Can anybody on the word sign his name and address? Yes, they can. Can anybody sign for my name and email? Yes, they can. But will be the signature of the anybody identical with my? No, the digital signatures will not be identical (again, i want no discuss here about key cracking etc. 
- i am not cryptology expert). Then i am able to identify mail's sender, and then this signature has value for me. I still cannot create association between mail sender and person, but this is about web of trust and this was discussed before by another senders. I will go back to start now. Consider that i have reason to distinguish the senders. For some people is enough to see sender mail, for another is enough to see name in sender, and for another else are both (name and email) needed. But still here are some people, for which, the more reliability is needed. The included digital signature is for these, which are seeking it and others can ignore it. It is not about his ego-trip, it is about providing option to receivers. And this ego-trip was goal of my paraphrasing. This is my point of view. People have a perfect right to object to signatures - even non-PGP ones. Just as people have a perfect right to use signatures, provided they comply with the rules of conduct... if people don't want to download the signature (or it's embedded pictures) it's their call, just as it's the call of those who want to bully their signatures onto others. I object to inline signatures - but I won't filter out the posts just because of the signatures and I'd hope that most people are the same. One example from my live: I am using Linux at home, Windows at work and i have some Android tablet too. * On linux here is not problem to find solution and as you see, my signature is PGP/MIME. * It was a lot of searching for me to get MUA for Windows with GPG support (early mentioned Thunderbird and Enigmail) and i see no others equivalents exists (or only very old or commercial). * Some time was needed for searching the same for my Android and here i found only one, but it supports only inline PGP, then i have problem with mails with GPG/Mime A lot of my friends uses GPG/Inline for me now, because they know about my Android GPG problem. 
And analogically, if i will respond here from my Android, my mail will be signed by GPG/Inline - will be i the ignorant? My conclusion: In freedom world i am respecting sender's option to don't fill his name, i will respect his option to fill his name too. I will respect the Micky Maus as name too. I will respect mail sender's option about don't including digital signature, as well as including it in any manners. Why? Because these all are sender's freedom options. I have freedom too. I can filter unwanted messages (yes, i know, filter by unreliable sender header), or go out from mail list. Or, more simply, i can tell to self, that this (GPG/Inline) is not for me, because i am not only one recipient in this ML, and ignore these mails (most used key on my keyboard seems to be the Delete key). regards -- Slavko http://slavino.sk signature.asc Description: PGP signature
Re: OT: More about GPG signing
On Fri, May 11, 2012 at 06:16:28PM +0100, Brad Rogers wrote: I wasn't thinking of Enigmail/Mozilla, but Microsoft. Microsoft's software doesn't produce PGP/MIME sigs and their reading of same is broken. Or at least was last time I had to use any of their software. MS Exchange at least recognises PGP/MIME as being something: it shows a little signed icon against such mails. It doesn't identify or treat inline signed messages any differently to normal. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120512080119.GA27051@debian
Re: OT: More about GPG signing
--- On Fri, 5/11/12, Scott Ferguson scott.ferguson.debian.u...@gmail.com wrote: Paraphrase yes. Useful analogy I don't believe so. A better analogy would be:- Is the post reduced in value if Tony's was name was not added to the sender field? The answer is yes. Not necessarily. If there were several users with the same name on this list, a full email address would be a better identifier than name. And if someone decided to use the same name AND email address as another user, signing one's messages would be a good idea to avoid confusion/misrepresentation. Anyway, this interesting discussion seems to begin going in circles, so the important points for me are: 1. Debian Code of Conduct has nothing against signing one's emails, inline or otherwise, while other things like HTML emails and spam are explicitly forbidden (yet they appear almost daily anyway). See http://www.debian.org/MailingLists/#codeofconduct 2. Some people consider the practice of signing their emails useful, as it provides some benefits to them. 3. Even if one doesn't agree with such a practice, it's pretty harmless comparing to some other uses or abuses of the list. 4. If one still feels strongly that signed emails should not be used on this list, one may want to suggest such a change to the Debian Code of Conduct. I doubt it would pass though. HTH -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1336812192.22739.yahoomailclas...@web121906.mail.ne1.yahoo.com
Re: OT: More about GPG signing
On Sat, 2012-05-12 at 01:43 -0700, T Elcor wrote: If one still feels strongly that signed emails should not be used on this list, one may want to suggest such a change to the Debian Code of Conduct. I'm against general signing, but I guess we should be free to use it, if we wont use it and it's good if some Debian developers sign, to ensure that they are really the developers. There's useful signing and OTOH an idiotic signing fetish. IIUC this is what all those discussions are about. It's not a discussion against signing on an open mailing list per se. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1336812936.2121.23.camel@precise
Re: OT: More about GPG signing
On Sat, 12 May 2012 09:01:19 +0100 Jon Dowland j...@debian.org wrote: Hello Jon, MS Exchange at least recognises PGP/MIME as being something: it shows a little signed icon against such mails. An improvement on OE, certainly. That used to see the PGP/MIME signed message and treat the text part as an attachment. -- Regards _ / ) The blindingly obvious is / _)radnever immediately apparent There's no point in asking you'll get no reply Pretty Vacant - Sex Pistols signature.asc Description: PGP signature
Re: OT: More about GPG signing
On Fri, 11 May 2012 19:31:50 +0200, Ralf Mardorf wrote: On Fri, 2012-05-11 at 17:27 +, Camaleón wrote: On Sat, 12 May 2012 04:49:36 +1200, Chris Bannister wrote: On Fri, May 11, 2012 at 02:59:25PM +, Camaleón wrote: mode remember on We once faced a problem with faked posts in another mailing list. There was a user (with a severe Tourette Syndrome) that sent messages with the And you could tell this from his/her posts?, amazing! http://en.wikipedia.org/wiki/Tourette_syndrome No, it was the same user who told us about his illness and we could check that he was saying the truth -not just because of his distasteful writings- but he had published some articles about himself speaking for his situation and was well known over Internet. :) I don't know why is that you smile. For the people involved it was not funny at all :-( Greetings, -- Camaleón -- Archive: http://lists.debian.org/jolcfk$s0$4...@dough.gmane.org
Re: OT: More about GPG signing
Selling guns? Apologize! Context! Selling guns to the wrong people, with a bad intention is unethical, but it isn't unethical to sell guns per se. I don't own weapons myself, but I've got no problems with people who learned how to use and not to use a weapon secure and ethically. I'm able to do this myself, but I don't need a weapon. -- Archive: http://lists.debian.org/1336819231.2121.45.camel@precise
Re: OT: More about GPG signing
On Sat, May 12, 2012 at 12:40:31PM +0200, Ralf Mardorf wrote: Selling guns? Apologize! Context! Selling guns to the wrong people, with a bad intention is unethical, but it isn't unethical to sell guns per se. I don't own weapons myself, but I've got no problems with people who learned how to use and not to use a weapon secure and ethically. I'm able to do this myself, but I don't need a weapon. Please don't troll. The phrase selling guns doesn't even appear in the email you're claiming to respond to. If you're going to hysterically paraphrase someone, please make sure you inform us of that fact. -- ❤ ♫ ❤ ♫ ❤ ♫ ❤ Indulekha -- Archive: http://lists.debian.org/20120512105228.GA8953@radhesyama
Re: OT: More about GPG signing
On Sat, 2012-05-12 at 10:02 +, Camaleón wrote: I don't know why is that you smile. For the people involved it was not funny at all :-( If you know about tics then it shouldn't be an issue. I'm an idiot myself and once I met another highly gifted idiot. He was a stutterer. This was an issue, since it takes minutes to communicate spoken, what usually is possible in seconds. I anyway enjoy talking with him, since all the other people on that party who thought that he might be intellectually disabled, didn't nearly reach his IQ. I would like to have more tolerance on this planet. I don't like normal people, they're suspect to me. What exactly is normal? Raping children? Selling guns? Dunno! Most of so called anomalous people usually don't do unethical things that often as averaged people do. - Ralf -- Archive: http://lists.debian.org/1336818061.2121.40.camel@precise
Re: OT: More about GPG signing
On Sat, 12 May 2012 12:40:31 +0200, Ralf Mardorf wrote: Ralf, be very cautious when quoting... Selling guns? What the hell are you (if that were you) talking about? Apologize! Context! Selling guns to the wrong people, with a bad intention is unethically, but it isn't unethically to sell guns per se. (...) What I explained was a serious and delicate issue, nothing funny and nothing to do with ethical or unethical actions but a disease :-/ Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/jolgh9$s0$1...@dough.gmane.org
Re: OT: More about GPG signing
On Sat, 12 May 2012 05:52:28 -0500 Indulekha indule...@theunworthy.com wrote: Hello Indulekha, Please don't troll. The phrase selling guns doesn't even appear in the email you're It did; You just saw the follow-up before the message it was replying to. Exactly the same happened here. -- Regards _ / ) The blindingly obvious is / _)radnever immediately apparent Go away, come back, go away, come back Leave Me Alone (I'm Lonely) - P!nk
Re: OT: More about GPG signing
On Sat, May 12, 2012 at 12:18:11PM +0100, Brad Rogers wrote: On Sat, 12 May 2012 05:52:28 -0500 Indulekha indule...@theunworthy.com wrote: Hello Indulekha, Please don't troll. The phrase selling guns doesn't even appear in the email you're It did; You just saw the follow-up before the message it was replying to. Exactly the same happened here. Ah, ok. Yes, I do see it now. Apologies to Ralf! -- ❤ ♫ ❤ ♫ ❤ ♫ ❤ Indulekha -- Archive: http://lists.debian.org/20120512112845.GA9757@radhesyama
Re: OT: More about GPG signing
On Sat, 12 May 2012 12:21:01 +0200, Ralf Mardorf wrote: On Sat, 2012-05-12 at 10:02 +, Camaleón wrote: I don't know why is that you smile. For the people involved it was not funny at all :-( If you know about tics then it shouldn't be an issue. (...) Ralf, I don't know how to tell this with plain (and kind) words because you seem don't understanding nothing at all... from nothing. In a mailing list there is no face to face communication, you only get messages from a person that you don't know and you had no previous relation with and you are unaware of his real intentions... So, if a person starts sending posts impersonating you, insulting the other mailing list users and harming them -despite you consider his disease to be something enjoyable (which I think is not)- is nothing laughable at all. And is not funny because it was something the user could not control so finally, IIRC, he had to be banned and some of the users started signing their own posts :-/ Greetings, -- Camaleón -- Archive: http://lists.debian.org/joli7j$s0$1...@dough.gmane.org
Re: OT: More about GPG signing
On Sat, 12 May 2012 12:18:11 +0100, Brad Rogers wrote: On Sat, 12 May 2012 05:52:28 -0500 Indulekha indule...@theunworthy.com wrote: Hello Indulekha, Please don't troll. The phrase selling guns doesn't even appear in the email you're It did; You just saw the follow-up before the message it was replying to. Exactly the same happened here. Brad, I received first the second message (his reply to himself) and because he removed the name of the person who wrote the cited text, the message was unreferenced at all. Greetings, -- Camaleón -- Archive: http://lists.debian.org/joliii$s0$1...@dough.gmane.org
Re: OT: More about GPG signing
On Sat, May 12, 2012 at 11:40:35AM +, Camaleón wrote: On Sat, 12 May 2012 12:21:01 +0200, Ralf Mardorf wrote: On Sat, 2012-05-12 at 10:02 +, Camaleón wrote: I don't know why is that you smile. For the people involved it was not funny at all :-( If you know about tics then it shouldn't be an issue. (...) Ralf, I don't know how to tell this with plain (and kind) words because you seem don't understanding nothing at all... from nothing. In a mailing list there is no face to face communication, you only get messages from a person that you don't know and you had no previous relation with and you are unaware of his real intentions... So, if a person starts sending posts impersonating you, insulting the other mailing list users and harming them -despite you consider his disease to be something enjoyable (which I think is not)- is nothing laughable at all. And is not funny because it was something the user could not control so finally, IIRC, he had to be banned and some of the users started signing their own posts :-/ Tourette's doesn't compel people to send obscenities via email, it's just verbal and gestures. You got trolled. -- ♫ ❤ ♫ ❤ ♫ ❤ Indulekha -- Archive: http://lists.debian.org/20120512115929.GA1398@radhesyama
Re: OT: More about GPG signing
On Sat, 12 May 2012 11:46:26 + (UTC) Camaleón noela...@gmail.com wrote: Hello Camaleón, I received first the second message (his reply to himself) and because he removed the name of the person who wrote the cited text, the message was unreferenced at all. Without attribution, context and what-not, it was difficult to know who/what Ralf was talking about, true. Lacking the post it was a reply to, my MUA used the next available ref header to thread the message; yours. It certainly made for an interesting few minutes until the /real/ post it was following up came through. Mind you, we're getting off topic here -- Regards _ / ) The blindingly obvious is / _)radnever immediately apparent Where will you be when the bodies burn? The Gasman Cometh - Crass signature.asc Description: PGP signature
Re: OT: More about GPG signing
On Sat, 12 May 2012 06:59:29 -0500, Indulekha wrote: On Sat, May 12, 2012 at 11:40:35AM +, Camaleón wrote: On Sat, 12 May 2012 12:21:01 +0200, Ralf Mardorf wrote: On Sat, 2012-05-12 at 10:02 +, Camaleón wrote: I don't know why is that you smile. For the people involved it was not funny at all :-( If you know about tics then it shouldn't be an issue. (...) And is not funny because it was something the user could not control so finally, IIRC, he had to be banned and some of the users started signing their own posts :-/ Tourette's doesn't compel people to send obscenities via email, it's just verbal and gestures. You got trolled. You're completely wrong. But you can read and learn (from Wikipedia article): *** (...) Tourette's was once considered a rare and bizarre syndrome, most often associated with the exclamation of obscene words or socially inappropriate and derogatory remarks (coprolalia), but this symptom is present in only a small minority of people with Tourette's.[1] *** Greetings, -- Camaleón -- Archive: http://lists.debian.org/jolke6$s0$1...@dough.gmane.org
Re: OT: More about GPG signing
On Sat, May 12, 2012 at 06:59:29AM -0500, Indulekha wrote: Tourette's doesn't compel people to send obscenities via email, it's just verbal and gestures. You got trolled. Please take this off-list. It's off-topic and adds zero value to the intended purpose of this list. Thanks, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' schroot and sbuild http://alioth.debian.org/projects/buildd-tools `- GPG Public Key F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800 -- Archive: http://lists.debian.org/20120512123627.gs23...@codelibre.net
Re: OT: More about GPG signing
On 05/12/2012 08:36 AM, Roger Leigh wrote: On Sat, May 12, 2012 at 06:59:29AM -0500, Indulekha wrote: Tourette's doesn't compel people to send obscenities via email, it's just verbal and gestures. You got trolled. Please take this off-list. It's off-topic and adds zero value to the intended purpose of this list. +1 -- Archive: http://lists.debian.org/4fae5b71.9040...@gmail.com
Re: OT: More about GPG signing
On Sat, May 12, 2012 at 12:18:14PM +, Camaleón wrote: On Sat, 12 May 2012 06:59:29 -0500, Indulekha wrote: On Sat, May 12, 2012 at 11:40:35AM +, Camaleón wrote: On Sat, 12 May 2012 12:21:01 +0200, Ralf Mardorf wrote: On Sat, 2012-05-12 at 10:02 +, Camaleón wrote: I don't know why is that you smile. For the people involved it was not funny at all :-( If you know about tics then it shouldn't be an issue. (...) And is not funny because it was something the user could not control so finally, IIRC, he had to be banned and some of the users started signing their own posts :-/ Tourette's doesn't compel people to send obscenities via email, it's just verbal and gestures. You got trolled. You're completely wrong. But you can read and learn (from Wikipedia article): *** (...) Tourette's was once considered a rare and bizarre syndrome, most often associated with the exclamation of obscene words or socially inappropriate and derogatory remarks (coprolalia), but this symptom is present in only a small minority of people with Tourette's.[1] *** What, so now the *lack* of a described symptom is proof it exists? Nowhere in that article does it say that Tourette's makes people write obscenities. And that's with good reason, because it doesn't. -- ❤ ♫ ❤ ♫ ❤ ♫ ❤ Indulekha -- Archive: http://lists.debian.org/20120512140704.GB3308@radhesyama
Re: OT: More about GPG signing
On Sat, 2012-05-12 at 06:28 -0500, Indulekha wrote: Ah, ok. Yes, I do see it now. Apologies to Ralf! No problem, I've got to apologize, since I wrote too much unneeded text. -- Archive: http://lists.debian.org/1336831121.2121.47.camel@precise
Re: OT: More about GPG signing
On Sat, 12 May 2012 09:07:04 -0500, Indulekha wrote: On Sat, May 12, 2012 at 12:18:14PM +, Camaleón wrote: Tourette's doesn't compel people to send obscenities via email, it's just verbal and gestures. You got trolled. You're completely wrong. But you can read and learn (from Wikipedia article): *** (...) Tourette's was once considered a rare and bizarre syndrome, most often associated with the exclamation of obscene words or socially inappropriate and derogatory remarks (coprolalia), but this symptom is present in only a small minority of people with Tourette's.[1] *** What, so now the *lack* of a described symptom is proof it exists? Nowhere in that article does it say that Tourette's makes people write obscenities. And that's with good reason, because it doesn't. Indulekha, I won't explain about what a disease is or isn't. Should you be interested in knowing more about this specific illness then go, read and teach yourself, this is not a medical list. But if you are pretending to explain to me what's what I lived *in first person* with that guy, well, that's going too far and a bit arrogant from your part, man... Greetings, -- Camaleón -- Archive: http://lists.debian.org/jolsef$s0$1...@dough.gmane.org
Re: OT: More about GPG signing
On Sat, May 12, 2012 at 09:07:04AM -0500, Indulekha wrote: What, so now the *lack* of a described symptom is proof it exists? Nowhere in that article does it say that Tourette's makes people write obscenities. And that's with good reason, because it doesn't. *Please*, take this offtopic garbage off list. Not only is it offtopic, it's also rude and inconsiderate to the other subscribers of this list. The list is for users of Debian, for discussion and support of Debian. It's not for random topics outside that scope. You're certainly not the only one guilty of taking this discussion way offtopic, but you're certainly the worst example, and enough is enough. I won't be asking a third time, I'll be asking the listmaster to take the appropriate action. Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' schroot and sbuild http://alioth.debian.org/projects/buildd-tools `- GPG Public Key F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800 -- Archive: http://lists.debian.org/20120512143703.gu23...@codelibre.net
Re: OT: More about GPG signing
On Sat, 12 May 2012 08:51:44 +0200, Ralf wrote in message 1336805504.2741.26.camel@precise: We should create a world of trust, instead of hanging on conspiracy theories. ..theories are harmless, until they become recipes for e.g. Kristallnächt-2.0 on 9/11. -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. -- Archive: http://lists.debian.org/20120512165632.05c2e...@celsius.lan
Re: OT: More about GPG signing
On Thu, May 10, 2012 at 06:37:35PM +0100, Brad Rogers wrote: On Thu, 10 May 2012 16:39:49 + (UTC) Camaleón noela...@gmail.com wrote: Hello Camaleón, Enigmail does it with no user intervention. I don't use Enigmail, but I'd place a small wager that it can be set up to either pull public keys automatically or manually. What the default is, IDK. I do, and the default is to not auto-fetch public keys. -- Archive: http://lists.debian.org/20120511063936.GC14319@debian
Re: OT: More about GPG signing
On Thu, May 10, 2012 at 05:32:25PM +0100, Tony van der Hoff wrote: So, the OP signs his mail to a list. I would guess that no web of trust exists between him and 99.9% of the list members. What is the benefit of such a signature? I don't know Phil Dobbin, I haven't ever met him and I probably never will. Phil Dobbin exists to me only as a participant on this mailing list. He signs his mail. Over time, my mental model of Phil Dobbin will be composed entirely and exclusively based on his conduct on this mailing list. If I ever did meet him, I might be able to prove that the owner of key A093C263 is legally called Phil Dobbin in some jurisdiction or other. What exactly have I gained? This knowledge means nothing to me. I know many people who are not called by their legal name anyway. The fact that A093C263 calls himself Phil Dobbin is something I don't need to verify. In this particular case, the web of trust is not as relevant, since I don't need it to prove that one mail signed by A093C263 was written by the same person as another mail signed by A093C263. [ having said that, it would be nice if things like http://pgp.cs.uu.nl/mk_path.cgi?FROM=06AATO=A093C263PATHS=trust+paths worked. Phil, why not push your key and sigs to pgp.mit.edu? ] -- Archive: http://lists.debian.org/20120511064520.GD14319@debian
Re: OT: More about GPG signing
On Thu, May 10, 2012 at 06:57:45PM +0100, Tony van der Hoff wrote: That is certainly not the way mailing lists work, so causing a block of some 400 characters to be sent to each and every subscriber is pure self-indulgence, on the scale of insisting on sending HTML-formatted mail. On balance, I think I prefer the latter. A signature by a modern, strong key (4096/RSA) will be about double that size. ( I just signed 'date' output to check, the sig was 914 chars.) -- Archive: http://lists.debian.org/20120511064739.GE14319@debian
Re: OT: More about GPG signing
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/05/12 07:45, Jon Dowland wrote: On Thu, May 10, 2012 at 05:32:25PM +0100, Tony van der Hoff wrote: So, the OP signs his mail to a list. I would guess that no web of trust exists between him and 99.9% of the list members. What is the benefit of such a signature? I don't know Phil Dobbin, I haven't ever met him and I probably never will. Phil Dobbin exists to me only as a participant on this mailing list. He signs his mail. Over time, my mental model of Phil Dobbin will be composed entirely and exclusively based on his conduct on this mailing list. If I ever did meet him, I might be able to prove that the owner of key A093C263 is legally called Phil Dobbin in some jurisdiction or other. What exactly have I gained? This knowledge means nothing to me. I know many people who are not called by their legal name anyway. The fact that A093C263 calls himself Phil Dobbin is something I don't need to verify. In this particular case, the web of trust is not as relevant, since I don't need it to prove that one mail signed by A093C263 was written by the same person as another mail signed by A093C263. [ having said that, it would be nice if things like http://pgp.cs.uu.nl/mk_path.cgi?FROM=06AATO=A093C263PATHS=trust+paths worked. Phil, why not push your key and sigs to pgp.mit.edu? ] Done. the Dutch pgp authority now hold a copy also. Now, can we all get back to work please? Four days is a long time to discuss a subject that's been around to my knowledge for fifteen years :-) Cheers, Phil... 
- -- currently (ab)using Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ -----END PGP SIGNATURE----- -- Archive: http://lists.debian.org/4facd0ce.5070...@gmail.com
Re: OT: More about GPG signing
On Thu, May 10, 2012 at 04:14:12PM +0100, Tony van der Hoff wrote: On 10/05/12 15:27, Phil Dobbin wrote: Cheers, Phil... So, this message was signed. Having recently installed enigmail, to see what all the fuss is about in the other thread. I find I'm at a loss to understand how to interpret this. - OpenPGP Security Info Unverified signature gpg command line and output: /usr/bin/gpg gpg: Signature made Thu 10 May 2012 15:27:47 BST using RSA key ID A093C263 gpg: Can't check signature: public key not found - Am I expected to go to some keyserver to find the sender's public key? How, where, why? I believe IceDove's enigmail preferences allow you to specify automatically fetch public keys or something to that effect. You need to click on the Display Expert Settings button and then go to the keyserver tab. Or you could manually download all the public keys that you're interested in. -Rob -- Archive: http://lists.debian.org/20120511122334.gb27...@aurora.owens.net
Re: OT: More about GPG signing
On Thu, May 10, 2012 at 05:32:25PM +0100, Tony van der Hoff wrote: On 10/05/12 17:16, Brad Rogers wrote: On Thu, 10 May 2012 17:59:34 +0200 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: Hello Ralf, This resulted in Valid signature, but cannot verify sender (Phil Dobbin bukowskis...@gmail.com): Because there's no web of trust involving people that both you and the keyholder know. So, the OP signs his mail to a list. I would guess that no web of trust exists between him and 99.9% of the list members. What is the benefit of such a signature? It establishes identity the identity associated with the signature. If Ralf had been signing his emails for the last 2 years, I would feel confident that I have a valid public key for Ralf, the guy on the debian-user mailing list, who often answers questions about audio. Of course I don't know if he's Ralf with black hair, or Ralf who lives on Main St., but for my purposes this is good enough. If I someday want to send an encrypted message to the Ralf that I know (debian-user Ralf), I can do it. For me, knowing Ralf's personal identity is not as important as knowing his online identity because our relationship is online. As long as I don't forget that, then seeing his signature in emails is a potential benefit to me. -Rob -- Archive: http://lists.debian.org/20120511123451.gc27...@aurora.owens.net
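Added example (not from any post in this thread, and not GnuPG or Enigmail code): the key-continuity reading that Jon Dowland and Rob Owens describe, together with the "public key not found" case from Tony's Enigmail output, written as a check over GnuPG `--status-fd` lines. The sender address, fingerprints and status lines are constructed sample data, and `ContinuityStore` with its verdict names is hypothetical.

```python
"""Key continuity over GnuPG status output (constructed sample data)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

PREFIX = "[GNUPG:] "
# Status keywords that mean "do not accept", even though a key was found.
REJECT = {"BADSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


@dataclass
class SigResult:
    state: str = "none"                # good | rejected | no_pubkey | none
    key_id: Optional[str] = None       # key ID as reported by gpg
    fingerprint: Optional[str] = None  # primary-key fingerprint (VALIDSIG)


def parse_status(status_text: str) -> SigResult:
    """Reduce the status lines of one `gpg --status-fd 1 --verify` run."""
    res, seen = SigResult(), set()
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue                   # human-readable "gpg: ..." text is ignored
        parts = line[len(PREFIX):].split()
        if not parts:
            continue
        keyword, args = parts[0], parts[1:]
        if keyword in REJECT:
            seen.add("rejected")
        elif keyword == "GOODSIG":
            seen.add("goodsig")
        elif keyword == "VALIDSIG" and args:
            seen.add("validsig")
            # Field 10 is the primary key's fingerprint; pin that rather than
            # a signing subkey, which the owner may legitimately rotate.
            res.fingerprint = (args[9] if len(args) >= 10 else args[0]).upper()
        elif keyword == "NO_PUBKEY" or (
                keyword == "ERRSIG" and len(args) >= 6 and args[5] == "9"):
            seen.add("no_pubkey")      # ERRSIG rc 9 = public key missing
        else:
            continue
        if args and res.key_id is None and keyword != "VALIDSIG":
            res.key_id = args[0]
    if "rejected" in seen:
        res.state = "rejected"
    elif {"goodsig", "validsig"} <= seen:
        res.state = "good"
    elif "no_pubkey" in seen:
        res.state = "no_pubkey"
    return res


class ContinuityStore:
    """Pins one fingerprint per sender address at the first good signature."""

    def __init__(self) -> None:
        self.pins: Dict[str, str] = {}

    def check(self, sender: str, res: SigResult) -> str:
        # The From: address is not covered by the signature; it is only the
        # label under which the fingerprint is filed.
        sender = sender.strip().lower()
        if res.state == "rejected":
            return "REJECTED"
        if res.state != "good" or res.fingerprint is None:
            return "unverified"        # e.g. key not fetched yet: never pin
        pinned = self.pins.get(sender)
        if pinned is None:
            self.pins[sender] = res.fingerprint
            return "first-seen"
        # A later message under the same name but another key is the case
        # continuity is meant to catch; the original pin is kept.
        return "consistent" if pinned == res.fingerprint else "KEY-CHANGED"


FPR_A = "A" * 40   # constructed fingerprints, not real keys
FPR_B = "B" * 40
UID = "List Poster <poster@example.org>"   # constructed user ID


def good_status(fpr: str) -> str:
    """Constructed status output for a good signature with no trust path."""
    return "\n".join([
        PREFIX + "NEWSIG",
        PREFIX + f"GOODSIG {fpr[-16:]} {UID}",
        PREFIX + f"VALIDSIG {fpr} 2012-05-10 1336660067 0 4 0 1 2 00 {fpr}",
        PREFIX + "TRUST_UNDEFINED",    # no web-of-trust path; continuity still applies
    ])


MISSING_KEY = "\n".join([
    "gpg: Can't check signature: public key not found",
    PREFIX + f"ERRSIG {FPR_A[-16:]} 1 2 00 1336660067 9",
    PREFIX + f"NO_PUBKEY {FPR_A[-16:]}",
])
BAD = PREFIX + f"BADSIG {FPR_A[-16:]} {UID}"


def demo() -> List[str]:
    store = ContinuityStore()
    runs = [good_status(FPR_A), good_status(FPR_A), MISSING_KEY,
            good_status(FPR_B), BAD]
    return [store.check("poster@example.org", parse_status(r)) for r in runs]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The pin is the full fingerprint rather than an 8-character key ID of the kind quoted in the thread, because short key IDs are not unique.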
Re: OT: More about GPG signing
On 05/11/2012 08:34 AM, Rob Owens wrote: On Thu, May 10, 2012 at 05:32:25PM +0100, Tony van der Hoff wrote: On 10/05/12 17:16, Brad Rogers wrote: On Thu, 10 May 2012 17:59:34 +0200 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: Hello Ralf, This resulted in Valid signature, but cannot verify sender (Phil Dobbin bukowskis...@gmail.com): Because there's no web of trust involving people that both you and the keyholder know. So, the OP signs his mail to a list. I would guess that no web of trust exists between him and 99.9% of the list members. What is the benefit of such a signature? It establishes identity the identity associated with the signature. If Ralf had been signing his emails for the last 2 years, I would feel confident that I have a valid public key for Ralf, the guy on the debian-user mailing list, who often answers questions about audio. Of course I don't know if he's Ralf with black hair, or Ralf who lives on Main St., but for my purposes this is good enough. If I someday want to send an encrypted message to the Ralf that I know (debian-user Ralf), I can do it. For me, knowing Ralf's personal identity is not as important as knowing his online identity because our relationship is online. As long as I don't forget that, then seeing his signature in emails is a potential benefit to me. GPG/PGP signatures will only ever have any real value to you if you're part of a strong key set within the web of trust. That is to say if your key and the other person's key have a chain of signatures from people who have actually met and followed best practices for verifying the identity before signing keys. Then, and only then, could you look at the signature chain between your key and theirs and be confident in the true identity. If I only sign the keys of people I have personally verified and then they in turn only sign keys of people they have personally verified then you can trust them to be an introducer. 
Their signature on another key will let you know that they've verified them and because you trust them then you can then trust this new key you've not signed. It is a lot like getting a reference for someone. If you don't trust their judgment are you honestly gonna trust them as a reference for someone you haven't met? Along that same analogy, I prefer PGP/MIME signatures as they are unobtrusive but available for verification by those that wish to do so. Inline simply generates too much needless noise and is a method that's at least 10 years outdated since the PGP/MIME standard was adopted. -- Archive: http://lists.debian.org/4fad1131.4080...@undergrid.net
Re: OT: More about GPG signing
On Fri, 11 May 2012 09:16:33 -0400 Jeremy T. Bouse jeremy.bo...@undergrid.net wrote: Hello Jeremy, those that wish to do so. Inline simply generates too much needless noise and is a method that's at least 10 years outdated since the PGP/MIME standard was adopted. Whilst the above is true, it's also true that inline signing isn't going away soon because of certain companies' reticence about implementing it correctly or at all. -- Regards _ / ) The blindingly obvious is / _)radnever immediately apparent The public wants what the public gets Going Underground - The Jam signature.asc Description: PGP signature
Re: OT: More about GPG signing
On Fri, May 11, 2012 at 02:47:04PM +0100, Brad Rogers wrote: On Fri, 11 May 2012 09:16:33 -0400 Jeremy T. Bouse jeremy.bo...@undergrid.net wrote: Hello Jeremy, those that wish to do so. Inline simply generates too much needless noise and is a method that's at least 10 years outdated since the PGP/MIME standard was adopted. Whilst the above is true, it's also true that inline signing isn't going away soon because of certain companies' reticence about implementing it correctly or at all. I think the point is that if a person knows how to sign then they know how to sign only what is necessary. This list does not require signed email, nor does it only recognize inline. So really, it's pretty simple issue. Can't imagine why so many people fail to grasp it, unless they just don't want to. As Scott said, it becomes a digital fetish for some people. -- ❤ ♫ ❤ ♫ ❤ ♫ ❤ Indulekha -- Archive: http://lists.debian.org/20120511141223.GA15035@radhesyama
Re: OT: More about GPG signing
On Fri, 11 May 2012 14:47:04 +0100 Brad Rogers b...@fineby.me.uk wrote: Hello Brad, Whilst the above is true, it's also true that inline signing isn't going away soon because of certain companies' reticence about implementing it correctly or at all. Where it refers to the PGP/MIME standard, of course. -- Regards _ / ) The blindingly obvious is / _)radnever immediately apparent It's got nothing to do with the need to impress Titanic (My Over) Reaction - 999 signature.asc Description: PGP signature
Re: OT: More about GPG signing
On Thu, 10 May 2012 18:57:45 +0100, Tony van der Hoff wrote: I've learned a lot about GPG signing during the last few days. I can see there are benefits where the recipient needs to be absolutely certain that the sender is known to him. Yes. And also the sender wants to ensure his/her posts are not impersonated. mode remember on We once faced a problem with faked posts in another mailing list. There was a user (with a severe Tourette Syndrome) that sent messages with the intention to fake the real sender who were usual participants on that mailing list. Since that episode, many users started to sign their posts to avoid further problems and misinterpretations. /mode remember off That is certainly not the way mailing lists work, so causing a block of some 400 characters to be sent to each and every subscriber is pure self-indulgence, on the scale of insisting on sending HTML-formatted mail. On balance, I think I prefer the latter. Not at all because is not a sender's problem that the recipient of his/her message uses a MUA that can't handle GPG/GPG signatures. And there is no rule in Debian mailing list Code of Conduct that says nothing against the usage of this while there is one about using HTML based formatted posts. In the end, GPG/PGP signatures can be also handled from a terminal console and they don't break the content of the message which can be still be read in clear text (even if they cannot be verified) thus you can't compare the hassle that causes a GPG/PGP signature with the nuisance of HTML messages: GPG/PGP signatures fallback mode is user-friendly and fair. I have come to the conclusion that a GPG signature in these circumstances says more about the sender's sense of self-importance than anything else. I don't know how is that you reached to that conclusion. Maybe is that you should revisit your understanding on what a GPG/PGP signature is all about. 
Greetings, -- Camaleón -- Archive: http://lists.debian.org/joj9gd$pnh$8...@dough.gmane.org
Re: OT: More about GPG signing
On 11/05/12 13:23, Rob Owens wrote: Or you could manually download all the public keys that you're interested in. On this list, that equates to zero. Which is why all those who sign their messages are wasting their time on an ego-trip. -- Tony van der Hoff | mailto:t...@vanderhoff.org Buckinghamshire, England | -- Archive: http://lists.debian.org/4fad2fa6.2020...@vanderhoff.org
Re: OT: More about GPG signing
On Thu, 10 May 2012 18:37:35 +0100, Brad Rogers wrote: On Thu, 10 May 2012 16:39:49 + (UTC) Camaleón noela...@gmail.com wrote: Hello Camaleón, Enigmail does it with no user intervention. I don't use Enigmail, but I'd place a small wager that it can be set up to either pull public keys automatically or manually. What the default is, IDK. As I recall it (I had to setup Enigmail not so long ago) there was an option to do this automatically, but let me search at the manual. Okay, here it is: http://www.rainydayz.org/node/89 9. Preferences » 9.1. Setting the preferences 9.1.5. Keyserver (...) If you want, you may enter a keyserver name in the field Automatically download keys for signature verification from the following keyserver. Enigmail will then automatically try to download from the specified keyserver any public key needed to verify signed messages. If you use this option, specify only one name. So by setting this it should be done ;-) The only manual intervention required could be when the key cannot be fetched from the specified server (missing key, no Internet connection, server is down...) and you have to manually import it into your local keyring in order to validate the user's signature. Greetings, -- Camaleón -- Archive: http://lists.debian.org/jojd7h$pnh$1...@dough.gmane.org
Re: OT: More about GPG signing
Hi, On Fri, 11 May 2012 16:26:30 +0100 Tony van der Hoff t...@vanderhoff.org wrote: On 11/05/12 13:23, Rob Owens wrote: Or you could manually download all the public keys that you're interested in. On this list, that equates to zero. Which is why all those who sign their messages are wasting their time on an ego-trip. I will paraphrase your words: Why you are wasting your time on an ego-trip to fill your name in sender header? On this list is this information not needed and by the email principle is its information value equal to zero and email address must be enough for this purpose. regards -- Slavko http://slavino.sk signature.asc Description: PGP signature
Re: OT: More about GPG signing
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/05/12 16:48, Slavko wrote: Hi, On Fri, 11 May 2012 16:26:30 +0100 Tony van der Hoff t...@vanderhoff.org wrote: On 11/05/12 13:23, Rob Owens wrote: Or you could manually download all the public keys that you're interested in. On this list, that equates to zero. Which is why all those who sign their messages are wasting their time on an ego-trip. I will paraphrase your words: Why you are wasting your time on an ego-trip to fill your name in sender header? On this list is this information not needed and by the email principle is its information value equal to zero and email address must be enough for this purpose. on the strength of that message, Slavko, it gave me great pleasure to import sign your key :-) Cheers, Phil... - -- currently (ab)using Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ -----END PGP SIGNATURE----- -- Archive: http://lists.debian.org/4fad431a.7040...@gmail.com
Re: OT: More about GPG signing
On Fri, May 11, 2012 at 02:59:25PM +, Camaleón wrote: mode remember on We once faced a problem with faked posts in another mailing list. There was a user (with a severe Tourette Syndrome) that sent messages with the And you could tell this from his/her posts?, amazing! http://en.wikipedia.org/wiki/Tourette_syndrome -- Religion is excellent stuff for keeping common people quiet. -- Napoleon Bonaparte -- Archive: http://lists.debian.org/20120511164935.GA10069@tal
Re: OT: More about GPG signing
On Fri, May 11, 2012 at 03:18:02PM +0100, Brad Rogers wrote: Whilst the above is true, it's also true that inline signing isn't going away soon because of certain companies' reticence about implementing it correctly or at all. Where it refers to the PGP/MIME standard, of course. Even if Enigmail made PGP/MIME the default, or even better remove inline signing completely? -- Religion is excellent stuff for keeping common people quiet. -- Napoleon Bonaparte -- Archive: http://lists.debian.org/20120511165312.GB10069@tal
Re: OT: More about GPG signing
On Sat, 12 May 2012 04:53:12 +1200 Chris Bannister cbannis...@slingshot.co.nz wrote: Hello Chris, Even if Enigmail made PGP/MIME the default, or even better remove inline signing completely? I wasn't thinking of Enigmail/Mozilla, but Microsoft. Microsoft's software doesn't produce PGP/MIME sigs and their reading of same is broken. Or at least was last time I had to use any of their software. -- Regards _ / ) The blindingly obvious is / _)radnever immediately apparent You never listen to a word that I said Public Image - Public Image Ltd signature.asc Description: PGP signature
Re: OT: More about GPG signing
On Fri, 2012-05-11 at 19:09 +0200, Ralf Mardorf wrote: On Fri, 2012-05-11 at 19:05 +0200, Ralf Mardorf wrote: On Sat, 2012-05-12 at 04:49 +1200, Chris Bannister wrote: And you could tell this from his/her posts?, amazing! http://en.wikipedia.org/wiki/Tourette_syndrome Hobby-psychologist are able to do this. The less differential diagnosis you know, the easier it is to defame. The ICE + DSM together already are ridiculous for serious psychology and most people even don't know those. ICD not ICE ;) I'm a troll :p http://en.wikipedia.org/wiki/Rosenhan_experiment -- Archive: http://lists.debian.org/1336756312.8142.14.camel@precise
Re: OT: More about GPG signing
On Sat, 2012-05-12 at 04:49 +1200, Chris Bannister wrote: And you could tell this from his/her posts?, amazing! http://en.wikipedia.org/wiki/Tourette_syndrome Hobby-psychologist are able to do this. The less differential diagnosis you know, the easier it is to defame. The ICE + DSM together already are ridiculous for serious psychology and most people even don't know those. -- Archive: http://lists.debian.org/1336755928.8142.12.camel@precise
Re: OT: More about GPG signing
On Fri, 2012-05-11 at 19:05 +0200, Ralf Mardorf wrote: On Sat, 2012-05-12 at 04:49 +1200, Chris Bannister wrote: And you could tell this from his/her posts?, amazing! http://en.wikipedia.org/wiki/Tourette_syndrome Hobby-psychologist are able to do this. The less differential diagnosis you know, the easier it is to defame. The ICE + DSM together already are ridiculous for serious psychology and most people even don't know those. ICD not ICE ;) -- Archive: http://lists.debian.org/1336756193.8142.13.camel@precise
Re: OT: More about GPG signing
On Sat, 12 May 2012 04:49:36 +1200, Chris Bannister wrote: On Fri, May 11, 2012 at 02:59:25PM +, Camaleón wrote: mode remember on We once faced a problem with faked posts in another mailing list. There was a user (with a severe Tourette Syndrome) that sent messages with the And you could tell this from his/her posts?, amazing! http://en.wikipedia.org/wiki/Tourette_syndrome No, it was the same user who told us about his illness and we could check that he was saying the truth -not just because of his distasteful writings- but he had published some articles about himself speaking for his situation and was well known over Internet. Greetings, -- Camaleón -- Archive: http://lists.debian.org/joji6n$pnh$1...@dough.gmane.org
Re: OT: More about GPG signing
On Fri, 2012-05-11 at 17:27 +, Camaleón wrote: On Sat, 12 May 2012 04:49:36 +1200, Chris Bannister wrote: On Fri, May 11, 2012 at 02:59:25PM +, Camaleón wrote: mode remember on We once faced a problem with faked posts in another mailing list. There was a user (with a severe Tourette Syndrome) that sent messages with the And you could tell this from his/her posts?, amazing! http://en.wikipedia.org/wiki/Tourette_syndrome No, it was the same user who told us about his illness and we could check that he was saying the truth -not just because of his distasteful writings- but he had published some articles about himself speaking for his situation and was well known over Internet. :) -- Archive: http://lists.debian.org/1336757510.9374.0.camel@precise
Re: OT: More about GPG signing
On Fri, 11 May 2012 19:11:52 +0200, Ralf wrote in message 1336756312.8142.14.camel@precise: On Fri, 2012-05-11 at 19:09 +0200, Ralf Mardorf wrote: On Fri, 2012-05-11 at 19:05 +0200, Ralf Mardorf wrote: On Sat, 2012-05-12 at 04:49 +1200, Chris Bannister wrote: And you could tell this from his/her posts?, amazing! http://en.wikipedia.org/wiki/Tourette_syndrome Hobby-psychologist are able to do this. The less differential diagnosis you know, the easier it is to defame. The ICE + DSM together already are ridiculous for serious psychology and most people even don't know those. ICD not ICE ;) I'm a troll :p http://en.wikipedia.org/wiki/Rosenhan_experiment ..as a native Troll National, I'm eminently pleased to confirm that keeping a trawl going at troll speeds, commonly requires at least one ICE. ;o) -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. -- Archive: http://lists.debian.org/20120511213256.777b8...@celsius.lan
Re: OT: More about GPG signing
Jeremy T. Bouse: On 05/11/2012 08:34 AM, Rob Owens wrote: If I someday want to send an encrypted message to the Ralf that I know (debian-user Ralf), I can do it. For me, knowing Ralf's personal identity is not as important as knowing his online identity because our relationship is online. As long as I don't forget that, then seeing his signature in emails is a potential benefit to me. GPG/PGP signatures will only ever have any real value to you if you're part of a strong key set within the web of trust. Please read Rob's e-mail again. I don't need any signatures on my key in order for you to be able to send an encrypted e-mail to Jochen from debian-user(-german). Your e-mail will not be readable by anyone but the person who signed hundreds of e-mails to this and other lists. Another aspect: last year I married and adopted my wife's name. My habit of signing public e-mails allows everyone to verify that Jochen Spieker is actually the same person as Jochen Schulz (my birth name). My main reason for signing public e-mails is to invite people to encrypt their e-mails to me. Signing is the easiest way to express that I (know how to) use PGP/GPG and that I prefer encrypted communication. In my opinion, the question is not why we should encrypt our communication, but why we should /not/. Of course, that is just an invitation which I think should be as unobtrusive as possible. PGP/MIME is the best way to do that. J. -- Whenever I hear the word 'art' I reach for my visa card. [Agree] [Disagree] http://www.slowlydownward.com/NODATA/data_enter2.html
Re: OT: More about GPG signing
On 12/05/12 01:48, Slavko wrote: Hi, On Fri, 11 May 2012 16:26:30 +0100, Tony van der Hoff t...@vanderhoff.org wrote: On 11/05/12 13:23, Rob Owens wrote: Or you could manually download all the public keys that you're interested in. On this list, that equates to zero. Which is why all those who sign their messages are wasting their time on an ego-trip. I will paraphrase your words: Why you are wasting your time on an ego-trip to fill your name in sender header? On this list is this information not needed and by the email principle is its information value equal to zero and email address must be enough for this purpose. regards Paraphrase yes. Useful analogy I don't believe so. A better analogy would be:- Is the post reduced in value if Tony's name was not added to the sender field? The answer is yes. Same applies if I take your name out of your post. Try it on a case by case basis with all the posts on this list. The answer remains yes. Now apply the same analogy to digital signatures. In *many* cases the value is *only* reduced in the opinion of the poster. If the value of a digital signature is appreciated by the poster and *not* appreciated by the recipient I'd be wary of advising the recipient to man up and adapt. It could sound like you're ordering someone to endure just so you can feel good - an argument winnable only from a position of constant advantage (will ultimately fail). People have a perfect right to object to signatures - even non-PGP ones. Just as people have a perfect right to use signatures, provided they comply with the rules of conduct... if people don't want to download the signature (or its embedded pictures) it's their call, just as it's the call of those who want to bully their signatures onto others. I object to inline signatures - but I won't filter out the posts just because of the signatures and I'd hope that most people are the same.
There are a number of posters on this list that I wish *would* use digital signatures with a valid web of trust - that'd save me double checking their information. Stan, Stephen, and several others tend to draw from a personal store of knowledge I can't quickly verify - but I trust their opinion. If I could verify *them* I'd be happier. But it's not that simple - people also have a right *not* to verify themselves or their posts. Security and privacy are inseparable. Damn choices, free will, liberty, mutter, mutter... ;-p Kind regards -- Iceweasel/Firefox/Chrome/Chromium/Iceape/IE extensions for finding answers to questions about Debian:- https://addons.mozilla.org/en-US/firefox/collections/Scott_Ferguson/debian/ -- Archive: http://lists.debian.org/4fadcca9.4010...@gmail.com
OT: More about GPG signing
On 10/05/12 15:27, Phil Dobbin wrote: Cheers, Phil... So, this message was signed. Having recently installed enigmail, to see what all the fuss is about in the other thread. I find I'm at a loss to understand how to interpret this.

OpenPGP Security Info
Unverified signature
gpg command line and output:
/usr/bin/gpg
gpg: Signature made Thu 10 May 2012 15:27:47 BST using RSA key ID A093C263
gpg: Can't check signature: public key not found

Am I expected to go to some keyserver to find the sender's public key? How, where, why? Maybe I've not set up Enigmail correctly? Alternatively, should I just ignore the signature, in which case why is the sender polluting the list with useless crap? -- Tony van der Hoff | mailto:t...@vanderhoff.org Buckinghamshire, England | -- Archive: http://lists.debian.org/4fabdb44.9020...@vanderhoff.org
Re: OT: More about GPG signing
On 10/05/12 16:14, Tony van der Hoff wrote: So, this message was signed. Having recently installed enigmail, to see what all the fuss is about in the other thread. I find I'm at a loss to understand how to interpret this. - OpenPGP Security Info Unverified signature gpg command line and output: /usr/bin/gpg gpg: Signature made Thu 10 May 2012 15:27:47 BST using RSA key ID A093C263 gpg: Can't check signature: public key not found - Am I expected to go to some keyserver to find the sender's public key? How, where, why? Maybe I've not set up Enigmail correctly? Alternatively, should I just ignore the signature, in which case why is the sender polluting the list with useless crap? You have an option to import my key under your PGP menu should you wish to do so. If you have installed Enigmail then go ahead & do it. However, if you have no wish to use PGP & see it as polluting the list with useless crap?, I suggest you uninstall Enigmail. Or you could continue to be incensed over a dozen or so lines of PGP & keep Enigmail for some other purpose. Cheers, Phil... -- currently (ab)using Debian Squeeze, Fedora Verne, OS X Snow Leopard, Ubuntu Oneiric -- Archive: http://lists.debian.org/4fabe2b6.6020...@gmail.com
Re: OT: More about GPG signing
On 10/05/12 16:45, Phil Dobbin wrote: On 10/05/12 16:14, Tony van der Hoff wrote: So, this message was signed. Having recently installed enigmail, to see what all the fuss is about in the other thread. I find I'm at a loss to understand how to interpret this. - OpenPGP Security Info Unverified signature gpg command line and output: /usr/bin/gpg gpg: Signature made Thu 10 May 2012 15:27:47 BST using RSA key ID A093C263 gpg: Can't check signature: public key not found - Am I expected to go to some keyserver to find the sender's public key? How, where, why? Maybe I've not set up Enigmail correctly? Alternatively, should I just ignore the signature, in which case why is the sender polluting the list with useless crap? You have an option to import my key under your PGP menu should you wish to do so. If you have installed Enigmail then go ahead & do it. However, if you have no wish to use PGP & see it as polluting the list with useless crap?, I suggest you uninstall Enigmail. Or you could continue to be incensed over a dozen or so lines of PGP & keep Enigmail for some other purpose. As I suspected... -- Tony van der Hoff | mailto:t...@vanderhoff.org Buckinghamshire, England | -- Archive: http://lists.debian.org/4fabe349.7020...@vanderhoff.org
Re: OT: More about GPG signing
On Thu, 2012-05-10 at 16:45 +0100, Phil Dobbin wrote: On 10/05/12 16:14, Tony van der Hoff wrote: So, this message was signed. Having recently installed enigmail, to see what all the fuss is about in the other thread. I find I'm at a loss to understand how to interpret this. - OpenPGP Security Info Unverified signature gpg command line and output: /usr/bin/gpg gpg: Signature made Thu 10 May 2012 15:27:47 BST using RSA key ID A093C263 gpg: Can't check signature: public key not found - Am I expected to go to some keyserver to find the sender's public key? How, where, why? Maybe I've not set up Enigmail correctly? Alternatively, should I just ignore the signature, in which case why is the sender polluting the list with useless crap? You have an option to import my key under your PGP menu should you wish to do so. If you have installed Enigmail then go ahead & do it. However, if you have no wish to use PGP & see it as polluting the list with useless crap?, I suggest you uninstall Enigmail. Or you could continue to be incensed over a dozen or so lines of PGP & keep Enigmail for some other purpose. Cheers, Phil... With Evolution I can't. I need your keyserver and your keynumber. -- Archive: http://lists.debian.org/1336664952.4735.10.camel@precise
Re: OT: More about GPG signing
On Thu, May 10, 2012 at 05:49:12PM +0200, Ralf Mardorf wrote: On Thu, 2012-05-10 at 16:45 +0100, Phil Dobbin wrote: On 10/05/12 16:14, Tony van der Hoff wrote: So, this message was signed. Having recently installed enigmail, to see what all the fuss is about in the other thread. I find I'm at a loss to understand how to interpret this. - OpenPGP Security Info Unverified signature gpg command line and output: /usr/bin/gpg gpg: Signature made Thu 10 May 2012 15:27:47 BST using RSA key ID A093C263 gpg: Can't check signature: public key not found - Am I expected to go to some keyserver to find the sender's public key? How, where, why? Maybe I've not set up Enigmail correctly? Alternatively, should I just ignore the signature, in which case why is the sender polluting the list with useless crap? You have an option to import my key under your PGP menu should you wish to do so. If you have installed Enigmail then go ahead & do it. With Evolution I can't. I need your keyserver and your keynumber. The key number is in the message (A093C263 above). The key servers are all public and mirrored with each other, so just pick one or more to use. If the person signing the message hasn't uploaded their key to a public keyserver, then they are perhaps not understanding what the public key is for ;) Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' schroot and sbuild http://alioth.debian.org/projects/buildd-tools `-GPG Public Key F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800 -- Archive: http://lists.debian.org/20120510155511.gi23...@codelibre.net
Re: OT: More about GPG signing
On Thu, 2012-05-10 at 16:14 +0100, Tony van der Hoff wrote: Alternatively, should I just ignore the signature, in which case why is the sender polluting the list with useless crap? That's the problem. For Evolution all mails look ok. Below some mails there's a button that notifies me, when an email is signed. E.g. Signature exists, but need public key If I push the button nothing changes. If there's an info in the mail, I can copy and paste and run gpg --keyserver [snip] --recv-keys [snip] Then I close and open Evolution. Now the button notifies me Valid signature, but cannot verify sender If I push the button nothing changes, I only get verbose output from gpg. I don't care about this. Other people send thumbnails with their photos, with each mail. I also don't care about this. The data doesn't break the email and doesn't cost much data or traffic. FWIW sometimes IMO HTML is better than text, e.g. when sending links or a long command line. - Ralf -- Archive: http://lists.debian.org/1336664722.4735.9.camel@precise
Re: OT: More about GPG signing
On Thu, 2012-05-10 at 16:55 +0100, Roger Leigh wrote: On Thu, May 10, 2012 at 05:49:12PM +0200, Ralf Mardorf wrote: On Thu, 2012-05-10 at 16:45 +0100, Phil Dobbin wrote: On 10/05/12 16:14, Tony van der Hoff wrote: So, this message was signed. Having recently installed enigmail, to see what all the fuss is about in the other thread. I find I'm at a loss to understand how to interpret this. - OpenPGP Security Info Unverified signature gpg command line and output: /usr/bin/gpg gpg: Signature made Thu 10 May 2012 15:27:47 BST using RSA key ID A093C263 gpg: Can't check signature: public key not found - Am I expected to go to some keyserver to find the sender's public key? How, where, why? Maybe I've not set up Enigmail correctly? Alternatively, should I just ignore the signature, in which case why is the sender polluting the list with useless crap? You have an option to import my key under your PGP menu should you wish to do so. If you have installed Enigmail then go ahead & do it. With Evolution I can't. I need your keyserver and your keynumber. The key number is in the message (A093C263 above). The key servers are all public and mirrored with each other, so just pick one or more to use. If the person signing the message hasn't uploaded their key to a public keyserver, then they are perhaps not understanding what the public key is for ;) This resulted in Valid signature, but cannot verify sender (Phil Dobbin bukowskis...@gmail.com):
gpg: armor header: Hash: SHA1
gpg: armor header: Version: GnuPG v1.4.11 (GNU/Linux)
gpg: armor header: Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
gpg: original file name=''
gpg: Signature made Thu 10 May 2012 05:45:50 PM CEST using RSA key ID A093C263
gpg: using PGP trust model
gpg: Good signature from Phil Dobbin bukowskis...@gmail.com
gpg: aka [jpeg image of size 518977]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: AADB 6887 80BF 485B EF0D 4DBC 23E6 616E A093 C263
gpg: textmode signature, digest algorithm SHA1
-- Archive: http://lists.debian.org/1336665574.5057.2.camel@precise
Re: OT: More about GPG signing
On Thu, 10 May 2012 16:14:12 +0100, Tony van der Hoff wrote: So, this message was signed. Having recently installed enigmail, to see what all the fuss is about in the other thread. I find I'm at a loss to understand how to interpret this. (...) A093C263 gpg: Can't check signature: public key not found (...) Am I expected to go to some keyserver to find the sender's public key? It should be done automatically. How, By choosing a server from where to look up the public keys. where, From Enigmail configuration settings. why? To validate the signature. Note that a validated signature is not a verified signature (user's signature can be valid but not trusted). Maybe I've not set up Enigmail correctly? Maybe. Docs and FAQs can be found here: http://enigmail.mozdev.org/home/index.php.html Alternatively, should I just ignore the signature, Yes, but then why is it that you installed Enigmail, what's your purpose? in which case why is the sender polluting the list with useless crap? The sender is not polluting the list, it's the recipient who has to know how to deal with signatures... should he/she want. Greetings, -- Camaleón -- Archive: http://lists.debian.org/jogotc$qkr$1...@dough.gmane.org
Re: OT: More about GPG signing
On Thu, 10 May 2012 17:45:22 +0200, Ralf Mardorf wrote: On Thu, 2012-05-10 at 16:14 +0100, Tony van der Hoff wrote: Alternatively, should I just ignore the signature, in which case why is the sender polluting the list with useless crap? That's the problem. (...) And what's _what you think_ the problem is? The problem here is that users *don't understand* what a GPG/PGP signature is. Greetings, -- Camaleón -- Archive: http://lists.debian.org/jogp4c$qkr$1...@dough.gmane.org
Re: OT: More about GPG signing
On Thu, May 10, 2012 at 05:59:34PM +0200, Ralf Mardorf wrote: On Thu, 2012-05-10 at 16:55 +0100, Roger Leigh wrote: On Thu, May 10, 2012 at 05:49:12PM +0200, Ralf Mardorf wrote: On Thu, 2012-05-10 at 16:45 +0100, Phil Dobbin wrote: With Evolution I can't. I need your keyserver and your keynumber. The key number is in the message (A093C263 above). The key servers are all public and mirrored with each other, so just pick one or more to use. If the person signing the message hasn't uploaded their key to a public keyserver, then they are perhaps not understanding what the public key is for ;) This resulted in Valid signature, but cannot verify sender (Phil Dobbin bukowskis...@gmail.com): That's all exactly as it should be. The signature was validated, i.e. the message was signed with the private key of this key pair. However, because you've not told gpg that you trust them, gpg can't verify that the identity is real. After all, anyone can make a key with a given name and email address--this is not in itself proof of the origin of the email. For that, you need to sign their key with your key, which establishes that you have met them in real life, and that you have associated a real life individual with that particular private key. For that, you'll need to look into keysigning and trust relationships with gpg. You don't even need to meet them personally--you just need to join the web of trust by trusting someone who trusts them, or even 2 or more hops from that. I've mainly only signed the keys of Debian developers who are in the UK or were visiting the UK, but because of this, I can trust people all over the world who aren't even necessarily associated with Debian. Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `.
`' schroot and sbuild http://alioth.debian.org/projects/buildd-tools `-GPG Public Key F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800 -- Archive: http://lists.debian.org/20120510161759.gj23...@codelibre.net
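The three outcomes discussed in this thread (public key not found, a good signature from an uncertified key, and a good signature from a certified key) can be told apart mechanically from GnuPG's machine-readable status lines rather than from its human-readable text. The following is an added example, not code from any post in the thread; the status transcripts are constructed samples that reuse the key ID and fingerprint quoted above, and the `classify` function and `Verdict` class are names chosen here.

```python
"""Classify `gpg --status-fd 1 --verify msg.asc` output: validity vs. trust."""
from dataclasses import dataclass
from typing import Optional

PREFIX = "[GNUPG:] "

# One of these result keywords is emitted per signature that gpg checks.
SIG_RESULTS = {
    "GOODSIG": "good", "BADSIG": "bad", "EXPSIG": "expired-signature",
    "EXPKEYSIG": "expired-key", "REVKEYSIG": "revoked-key", "ERRSIG": "error",
}
# Validity of the signing key according to the local trust database.
TRUST_LEVELS = {
    "TRUST_UNDEFINED": "undefined", "TRUST_NEVER": "never",
    "TRUST_MARGINAL": "marginal", "TRUST_FULLY": "full",
    "TRUST_ULTIMATE": "ultimate",
}


@dataclass
class Verdict:
    signature: str                    # "good", "bad", "missing-key", "none", ...
    key_id: Optional[str] = None
    fingerprint: Optional[str] = None
    trust: Optional[str] = None

    @property
    def label(self) -> str:
        if self.signature == "missing-key":
            return "cannot check signature: public key not found"
        if self.signature == "good":
            if self.trust in ("full", "ultimate"):
                return "valid signature, key certified by a trusted path"
            return "valid signature, but cannot verify sender"
        if self.signature in ("none", "ambiguous"):
            return "no single signature result: treat as unsigned"
        return "signature rejected: " + self.signature


def classify(status_text: str) -> Verdict:
    results = 0
    v = Verdict(signature="none")
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # "gpg: Good signature ..." prose is never evidence
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in SIG_RESULTS and args:
            results += 1
            v.signature, v.key_id = SIG_RESULTS[keyword], args[0]
        elif keyword == "NO_PUBKEY" and args:
            v.signature, v.key_id = "missing-key", args[0]
        elif keyword == "VALIDSIG" and args:
            v.fingerprint = args[0]
        elif keyword in TRUST_LEVELS:
            v.trust = TRUST_LEVELS[keyword]
    if results > 1:
        return Verdict(signature="ambiguous")   # more than one signature result
    if v.signature == "good" and v.fingerprint is None:
        v.signature = "unconfirmed"             # GOODSIG without VALIDSIG
    return v


# Constructed sample transcripts (not captured from a real gpg run).
MISSING_KEY = """\
[GNUPG:] ERRSIG 23E6616EA093C263 1 2 01 1336664750 9
[GNUPG:] NO_PUBKEY 23E6616EA093C263
"""
GOOD_UNTRUSTED = """\
gpg: Good signature from Phil Dobbin
[GNUPG:] GOODSIG 23E6616EA093C263 Phil Dobbin <bukowskis...@gmail.com>
[GNUPG:] VALIDSIG AADB688780BF485BEF0D4DBC23E6616EA093C263 2012-05-10 1336664750 0 4 0 1 2 01 AADB688780BF485BEF0D4DBC23E6616EA093C263
[GNUPG:] TRUST_UNDEFINED
"""
# Same signature after the key has been certified locally (e.g. with lsign).
GOOD_TRUSTED = GOOD_UNTRUSTED.replace("TRUST_UNDEFINED", "TRUST_FULLY")
BAD = "[GNUPG:] BADSIG 23E6616EA093C263 Phil Dobbin <bukowskis...@gmail.com>\n"
HUMAN_TEXT_ONLY = "gpg: Good signature from Phil Dobbin\n"

if __name__ == "__main__":
    for name in ("MISSING_KEY", "GOOD_UNTRUSTED", "GOOD_TRUSTED", "BAD",
                 "HUMAN_TEXT_ONLY"):
        print(f"{name:16} -> {classify(globals()[name]).label}")
```

The untrusted and trusted transcripts differ only in the trust line: the signature check is identical, and what changes is whether the local keyring holds a certification path to the key.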
Re: OT: More about GPG signing
On Thu, 10 May 2012 16:03:56 + (UTC) Camaleón noela...@gmail.com wrote: Hello Camaleón, On Thu, 10 May 2012 16:14:12 +0100, Tony van der Hoff wrote: Am I expected to go to some keyserver to find the sender's public key? It should be done automatically. Only if GPG is set up to do so. Otherwise manual intervention is required. -- Regards _ / ) The blindingly obvious is / _)radnever immediately apparent You're only 29 got a lot to learn Seventeen - Sex Pistols
Re: OT: More about GPG signing
On Thu, 10 May 2012 17:59:34 +0200 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: Hello Ralf, This resulted in Valid signature, but cannot verify sender (Phil Dobbin bukowskis...@gmail.com): Because there's no web of trust involving people that both you and the keyholder know. -- Regards _ / ) The blindingly obvious is / _)radnever immediately apparent If Adolf Hitler flew in today, they'd send a limousine anyway (White Man) In Hammersmith Palais - The Clash
Re: OT: More about GPG signing
On 10/05/12 17:16, Brad Rogers wrote: On Thu, 10 May 2012 17:59:34 +0200 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: Hello Ralf, This resulted in Valid signature, but cannot verify sender (Phil Dobbin bukowskis...@gmail.com): Because there's no web of trust involving people that both you and the keyholder know. So, the OP signs his mail to a list. I would guess that no web of trust exists between him and 99.9% of the list members. What is the benefit of such a signature? -- Tony van der Hoff | mailto:t...@vanderhoff.org Buckinghamshire, England | -- Archive: http://lists.debian.org/4fabed99.50...@vanderhoff.org
Re: OT: More about GPG signing
On Thu, 10 May 2012 17:18:04 +0100, Brad Rogers wrote: On Thu, 10 May 2012 16:03:56 + (UTC) Camaleón noela...@gmail.com wrote: Hello Camaleón, On Thu, 10 May 2012 16:14:12 +0100, Tony van der Hoff wrote: Am I expected to go to some keyserver to find the sender's public key? It should be done automatically. Only if GPG is set up to do so. Otherwise manual intervention is required. Enigmail does it with no user intervention. Greetings, -- Camaleón -- Archive: http://lists.debian.org/jogr0l$qkr$1...@dough.gmane.org
Re: OT: More about GPG signing
Hello Tony, Tony van der Hoff t...@vanderhoff.org wrote: What is the benefit of such a signature? Those who know him now can verify the signature. In addition, if at any later stage someone else claims to have posted this message, the OP can prove that it was indeed him who posted it. Everybody else interested in either the OP or the message can also verify the signature (though that might require some work to, for example, meet the OP personally). However, you are absolutely free to ignore the signature if it is of no value to you and most clients will even hide it by default (or show a small button). There is, however, no way to avoid excessive quoting, which can easily exceed the size of a signature. Best regards, Claudius -- Patageometry, n.: The study of those mathematical properties that are invariant under brain transplants. http://chubig.net telnet nightfall.org 4242
Re: OT: More about GPG signing
On 10/05/12 17:39, Camaleón wrote: On Thu, 10 May 2012 17:18:04 +0100, Brad Rogers wrote: On Thu, 10 May 2012 16:03:56 + (UTC) Camaleón noela...@gmail.com wrote: Hello Camaleón, On Thu, 10 May 2012 16:14:12 +0100, Tony van der Hoff wrote: Am I expected to go to some keyserver to find the sender's public key? It should be done automatically. Only if GPG is set up to do so. Otherwise manual intervention is required. Enigmail does it with no user intervention. Greetings, That's not what I found. I think I've now got it set up correctly, but intervention was needed. -- Tony van der Hoff | mailto:t...@vanderhoff.org Buckinghamshire, England | -- Archive: http://lists.debian.org/4fabf00f.9030...@vanderhoff.org
Re: OT: More about GPG signing
On 10/05/12 17:40, Claudius Hubig wrote: Hello Tony, However, you are absolutely free to ignore the signature if it is of no value to you and most clients will even hide it by default (or show a small button). Thunderbird doesn't appear to. However, having activated enigmail, and linked it to a keyserver, I'm no longer seeing the block of hex at the end of messages. I can live with that. -- Tony van der Hoff | mailto:t...@vanderhoff.org Buckinghamshire, England | -- Archive: http://lists.debian.org/4fabf1b0.5050...@vanderhoff.org
Re: OT: More about GPG signing
On Thu, 10 May 2012 17:42:55 +0100, Tony van der Hoff wrote: On 10/05/12 17:39, Camaleón wrote: On Thu, 10 May 2012 17:18:04 +0100, Brad Rogers wrote: On Thu, 10 May 2012 16:03:56 + (UTC) Camaleón noela...@gmail.com wrote: Hello Camaleón, On Thu, 10 May 2012 16:14:12 +0100, Tony van der Hoff wrote: Am I expected to go to some keyserver to find the sender's public key? It should be done automatically. Only if GPG is set up to do so. Otherwise manual intervention is required. Enigmail does it with no user intervention. That's not what I found. I think I've now got it set up correctly, but intervention was needed. The only user intervention is setting up Enigmail. Once it's configured, you don't have to do nothing other than selecting/clicking over a signed message. Greetings, -- Camaleón -- Archive: http://lists.debian.org/jogrsu$qkr$1...@dough.gmane.org
Re: OT: More about GPG signing
On 10/05/12 17:54, Camaleón wrote: you don't have to do nothing A double negative, Camaleón? ;) You have to do something? -- Tony van der Hoff | mailto:t...@vanderhoff.org Buckinghamshire, England | -- Archive: http://lists.debian.org/4fabf3fd.70...@vanderhoff.org
Re: OT: More about GPG signing
On Thu, 10 May 2012 17:59:41 +0100, Tony van der Hoff wrote: On 10/05/12 17:54, Camaleón wrote: you don't have to do nothing A double negative, Camaleón? ;) In Spanish sounded good O:-) You have to do something? Configure Enigmail. Greetings, -- Camaleón -- Archive: http://lists.debian.org/jogsv3$qkr$1...@dough.gmane.org
Re: OT: More about GPG signing
On Thu, 2012-05-10 at 17:32 +0100, Tony van der Hoff wrote: So, the OP signs his mail to a list. I would guess that no web of trust exists between him and 99.9% of the list members. +1 That's what I try to explain. -- Archive: http://lists.debian.org/1336670454.5199.4.camel@precise
Re: OT: More about GPG signing
On Thu, 2012-05-10 at 18:40 +0200, Claudius Hubig wrote: Hello Tony, Tony van der Hoff t...@vanderhoff.org wrote: What is the benefit of such a signature? Those who know him now can verify the signature. In addition, if at any later stage someone else claims to have posted this message, the OP can prove that it was indeed him who posted it. Everybody else interested in either the OP or the message can also verify the signature (though that might require some work to, for example, meet the OP personally). And what is the benefit of this on an open mailing list? To ensure that somebody called or didn't call somebody else names, gave right or wrong information? IMO this is infantile. Don't get me wrong! I'm not against signing, if other people wish to do. It anyway is senseless. - Ralf -- Archive: http://lists.debian.org/1336670739.5199.8.camel@precise
Re: OT: More about GPG signing
On Thu, 2012-05-10 at 16:07 +, Camaleón wrote: On Thu, 10 May 2012 17:45:22 +0200, Ralf Mardorf wrote: On Thu, 2012-05-10 at 16:14 +0100, Tony van der Hoff wrote: Alternatively, should I just ignore the signature, in which case why is the sender polluting the list with useless crap? That's the problem. (...) And what's _what you think_ the problem is? The problem here is that users *don't understand* what a GPG/PGP signature is. Or some do fake that they are dummies, while they aren't?! On Thu, 2012-05-10 at 17:16 +0100, Brad Rogers wrote: On Thu, 10 May 2012 17:59:34 +0200 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: Hello Ralf, This resulted in Valid signature, but cannot verify sender (Phil Dobbin bukowskis...@gmail.com): Because there's no web of trust involving people that both you and the keyholder know. Exactly and this is valid for the majority on mailing lists. Btw. funny photo. - Ralf -- Archive: http://lists.debian.org/1336670333.5199.3.camel@precise
Re: OT: More about GPG signing
On Thu, May 10, 2012 at 06:40:42PM +0200, Claudius Hubig wrote: Hello Tony, Tony van der Hoff t...@vanderhoff.org wrote: What is the benefit of such a signature? Those who know him now can verify the signature. In addition, if at any later stage someone else claims to have posted this message, the OP can prove that it was indeed him who posted it. Everybody else interested in either the OP or the message can also verify the signature (though that might require some work to, for example, meet the OP personally). However, you are absolutely free to ignore the signature if it is of no value to you and most clients will even hide it by default (or show a small button). There is, however, no way to avoid excessive quoting, which can easily exceed the size of a signature. Best regards, Claudius -- Patageometry, n.: The study of those mathematical properties that are invariant under brain transplants. http://chubig.net telnet nightfall.org 4242 Actually, depending on the editor one uses to compose email, there are ways to avoid quoting the hideous block of text. In vim, for instance, just put this in your .vimrc: map ,kqs :/^[ ]* -- *$/;?^[ ][ ]*$?;.,/^[ ]*$/-1d<CR> There are also ways to do this in emacs, jed, etc, but I don't know them as I just use vim. -- ❤ ♫ ❤ ♫ ❤ ♫ ❤ Indulekha -- Archive: http://lists.debian.org/20120510173242.GA25617@radhesyama
Re: OT: More about GPG signing
On Thu, May 10, 2012 at 07:25:39PM +0200, Ralf Mardorf wrote: On Thu, 2012-05-10 at 18:40 +0200, Claudius Hubig wrote: Hello Tony, Tony van der Hoff t...@vanderhoff.org wrote: What is the benefit of such a signature? Those who know him now can verify the signature. In addition, if at any later stage someone else claims to have posted this message, the OP can prove that it was indeed him who posted it. Everybody else interested in either the OP or the message can also verify the signature (though that might require some work to, for example, meet the OP personally). And what is the benefit of this on an open mailing list? To ensure that somebody called or didn't call somebody else names, gave right or wrong information? IMO this is infantile. Don't get me wrong! I'm not against signing, if other people wish to do. It anyway is senseless. Be careful now Ralf, some people consider their e-peens sacred! -- ❤ ♫ ❤ ♫ ❤ ♫ ❤ Indulekha -- Archive: http://lists.debian.org/20120510173619.GB25617@radhesyama
Re: OT: More about GPG signing
On Thu, 10 May 2012 16:39:49 + (UTC) Camaleón noela...@gmail.com wrote: Hello Camaleón, Enigmail does it with no user intervention. I don't use Enigmail, but I'd place a small wager that it can be set up to either pull public keys automatically or manually. What the default is, IDK. -- Regards _ / ) The blindingly obvious is / _)radnever immediately apparent Life's short, don't make a mess of it No Time To Be 21 - The Adverts signature.asc Description: PGP signature
Re: OT: More about GPG signing
On Thu, 10 May 2012 17:32:25 +0100 Tony van der Hoff t...@vanderhoff.org wrote: Hello Tony, What is the benefit of such a signature? Read Roger Leigh's message on just that subject. It explains things well. No point in me saying the same thing again. -- Regards _ / ) The blindingly obvious is / _)radnever immediately apparent Bet you think you're king but you're really a pawn When You're Young - The Jam signature.asc Description: PGP signature
Re: OT: More about GPG signing
On Thu, 10 May 2012 19:18:53 +0200 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: Hello Ralf, Exactly and this is valid for the majority on mailing lists. True, but that's not the point. I always PGP sign list mail because it shows a single source, making it harder for somebody to spoof as me on the list. Btw. funny photo. 'Iconic' is, I think, the word you're looking for. In point of fact, it was the cover of Touch by The Eurythmics. The one included in this post will be different. -- Regards _ / ) The blindingly obvious is / _)radnever immediately apparent Why do they try to hide our past pulling down houses and build car parks Bricks Mortar - The Jam signature.asc Description: PGP signature
Re: OT: More about GPG signing
On Thu, 10 May 2012 19:18:53 +0200, Ralf Mardorf wrote: On Thu, 2012-05-10 at 16:07 +, Camaleón wrote: On Thu, 10 May 2012 17:45:22 +0200, Ralf Mardorf wrote: On Thu, 2012-05-10 at 16:14 +0100, Tony van der Hoff wrote: Alternatively, should I just ignore the signature, in which case why is the sender polluting the list with useless crap? That's the problem. (...) And what's _what you think_ the problem is? The problem here is that users *don't understand* what a GPG/PGP signature is. Or some do fake that they are dummies, while they aren't?! If it talks like a dummy, writes like a dummy and looks like a dummy... it's because it's a dummy. Greetings, -- Camaleón -- Archive: http://lists.debian.org/jogv9i$qkr$2...@dough.gmane.org
Re: OT: More about GPG signing
On 10/05/12 18:25, Ralf Mardorf wrote: And what is the benefit of this on an open mailing list? To ensure that somebody called or didn't call somebody else names, gave right or wrong information? IMO this is infantile. Don't get me wrong! I'm not against signing, if other people wish to do. It anyway is senseless. I've learned a lot about GPG signing during the last few days. I can see there are benefits where the recipient needs to be absolutely certain that the sender is known to him. That is certainly not the way mailing lists work, so causing a block of some 400 characters to be sent to each and every subscriber is pure self-indulgence, on the scale of insisting on sending HTML-formatted mail. On balance, I think I prefer the latter. I have come to the conclusion that a GPG signature in these circumstances says more about the sender's sense of self-importance than anything else. Cheers, Tony -- Tony van der Hoff| mailto:t...@vanderhoff.org Buckinghamshire, England | -- Archive: http://lists.debian.org/4fac0199.7060...@vanderhoff.org
Re: OT: More about GPG signing
On Thu, 2012-05-10 at 18:57 +0100, Tony van der Hoff wrote: On 10/05/12 18:25, Ralf Mardorf wrote: And what is the benefit of this on an open mailing list? To ensure that somebody called or didn't call somebody else names, gave right or wrong information? IMO this is infantile. Don't get me wrong! I'm not against signing, if other people wish to do. It anyway is senseless. I've learned a lot about GPG signing during the last few days. I can see there are benefits where the recipient needs to be absolutely certain that the sender is known to him. That is certainly not the way mailing lists work, so causing a block of some 400 characters to be sent to each and every subscriber is pure self-indulgence, on the scale of insisting on sending HTML-formatted mail. On balance, I think I prefer the latter. I have come to the conclusion that a GPG signature in these circumstances says more about the sender's sense of self-importance than anything else. I'm uncertain if I should answer off-list or not ;). Because there's such a tendency to get mails as confident as possible, I thought about talking about psychotherapy ;). Not for me, I'm hopeless. I don't care about 400 characters more or less. I also prefer a funny Iconic or HTML to a signing. :D Regards, Ralf -- Archive: http://lists.debian.org/1336673852.5199.35.camel@precise
Re: OT: More about GPG signing
On Thu, 2012-05-10 at 12:32 -0500, Indulekha wrote: -- Patageometry, n.: The study of those mathematical properties that are invariant under brain transplants. http://chubig.net telnet nightfall.org 4242 Actually, depending on the editor one uses to compose email, there are ways to avoid quoting the hideous block of text. In vim, for instance, just put this in your .vimrc: map ,kqs :/^[ ]* -- *$/;?^[ ][ ]*$?;.,/^[ ]*$/-1d<CR> There are also ways to do this in emacs, jed, etc, but I don't know them as I just use vim. And you anyway didn't cut the signature (not signing) of the previous mail ;). An open mailing list should be usable with all common mailers. KMail, Thunderbird, Mutt, Evolution etc.. 2 Cents, Ralf -- Archive: http://lists.debian.org/1336672911.5199.26.camel@precise
Re: OT: More about GPG signing
On Thu, May 10, 2012 at 08:01:51PM +0200, Ralf Mardorf wrote: On Thu, 2012-05-10 at 12:32 -0500, Indulekha wrote: -- Patageometry, n.: The study of those mathematical properties that are invariant under brain transplants. http://chubig.net telnet nightfall.org 4242 Actually, depending on the editor one uses to compose email, there are ways to avoid quoting the hideous block of text. In vim, for instance, just put this in your .vimrc: map ,kqs :/^[ ]* -- *$/;?^[ ][ ]*$?;.,/^[ ]*$/-1d<CR> There are also ways to do this in emacs, jed, etc, but I don't know them as I just use vim. And you anyway didn't cut the signature (not signing) of the previous mail ;). Yes, it seems to work only on the gpg/pgp sigs consistently. I know too little about it, frankly, and got really burned out on having this kind of issue, so once I managed to not quote the gpg block I pronounced it good enough. Interestingly, someone on the list immediately responded by doing something to elude this, as well as my mutt display-filter, and also proudly announced his return to long, weird signatures. That pretty much proved to me he was deliberately trolling, so I now filter him. Problem solved. An open mailing list should be usable with all common mailers. KMail, Thunderbird, Mutt, Evolution etc.. 2 Cents, Ralf +1 But life is chock full of problems other people cause via poor decisions and defective reasoning, best just learn to work around it. When that can't be done without strain there's always filtering. But this list is pretty good, most people are kind, respectful, knowledgeable, and helpful. The fact I've only felt compelled to filter one person is a very good sign. :) -- ❤ ♫ ❤ ♫ ❤ ♫ ❤ Indulekha -- Archive: http://lists.debian.org/20120510190241.GA27644@radhesyama
Re: OT: More about GPG signing
On Thu, 10 May 2012, Tony van der Hoff wrote: I've learned a lot about GPG signing during the last few days. I can see there are benefits where the recipient needs to be absolutely certain that the sender is known to him. Yes. Or that the sender belongs to a certain group, for which an authoritative keyring is maintained. That is certainly not the way mailing lists work, so causing a block of some 400 characters to be sent to each and every subscriber is pure self-indulgence, on the scale of insisting on sending HTML-formatted mail. On balance, I think I prefer the latter. I have come to the conclusion that a GPG signature in these circumstances says more about the sender's sense of self-importance than anything else. Not always. Debian has a few mailing-lists where only signed mail by a Debian Developer is accepted (the -announce ones). Also, some information is considered critical enough that it is always sent signed. And yes, people DO make a fuss if the signature doesn't verify :) I've seen lots of PGP/MIME and S/MIME signed mails on MLs over the years, and any MUA worth using will do something smart with it (such as hide the mess and not bother the user if he is not validating signatures). Incorrectly-formatted PGP/MIME, as well as inline signatures are far more cumbersome on most MUAs, so they're far more likely to cause huge threads when used in an indiscriminate way. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh -- Archive: http://lists.debian.org/20120510212929.gb21...@khazad-dum.debian.net
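The message above separates well-formed PGP/MIME from incorrectly formatted PGP/MIME and inline signatures. As an added example (not part of any post in this thread), here is how a mail client could tell the three apart using the RFC 3156 layout; the function names, the sample messages and the choice of a signature attachment inside multipart/mixed as the malformed case are all constructed for illustration.

```python
import email

CLEARSIGN_HEAD = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_HEAD = "-----BEGIN PGP SIGNATURE-----"
PGP_SIG_TYPE = "application/pgp-signature"

def signature_format(raw: str) -> str:
    """Return 'pgp-mime', 'malformed-pgp-mime', 'inline', 'other-signed' or 'unsigned'."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() == "multipart/signed":
        if (msg.get_param("protocol") or "").lower() != PGP_SIG_TYPE:
            return "other-signed"            # e.g. S/MIME
        parts = msg.get_payload()
        # RFC 3156: exactly two parts, the second being the detached signature.
        if (isinstance(parts, list) and len(parts) == 2
                and parts[1].get_content_type() == PGP_SIG_TYPE):
            return "pgp-mime"
        return "malformed-pgp-mime"
    for part in msg.walk():
        if part.get_content_type() == PGP_SIG_TYPE:
            return "malformed-pgp-mime"      # signature part outside multipart/signed
        body = part.get_payload()
        if (part.get_content_type() == "text/plain" and isinstance(body, str)
                and CLEARSIGN_HEAD in body and SIG_HEAD in body):
            return "inline"                  # clearsigned text in the body itself
    return "unsigned"

# --- constructed sample messages (placeholder signature, not real key material) ---
SIG_BLOCK = SIG_HEAD + "\n\n(constructed placeholder)\n-----END PGP SIGNATURE-----"

def build_multipart(content_type: str, parts, boundary: str = "b1") -> str:
    lines = [f'Content-Type: {content_type}; boundary="{boundary}"', ""]
    for header, body in parts:
        lines += [f"--{boundary}", header, "", body]
    return "\n".join(lines + [f"--{boundary}--", ""])

PARTS = [("Content-Type: text/plain", "Hello list"),
         (f"Content-Type: {PGP_SIG_TYPE}", SIG_BLOCK)]
SAMPLES = {
    "pgp-mime": build_multipart(
        f'multipart/signed; micalg=pgp-sha1; protocol="{PGP_SIG_TYPE}"', PARTS),
    "malformed-pgp-mime": build_multipart("multipart/mixed", PARTS),
    "inline": "Content-Type: text/plain\n\n" + CLEARSIGN_HEAD
              + "\nHash: SHA1\n\nHello list\n" + SIG_BLOCK + "\n",
    "unsigned": "Content-Type: text/plain\n\nHello list\n",
}

if __name__ == "__main__":
    for expected, raw in SAMPLES.items():
        print(f"{expected:20} -> {signature_format(raw)}")
```

Only the first case gives a client a clean boundary between the signed text and the signature, which is what lets it hide the signature from readers who are not validating.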
Re: OT: More about GPG signing
On 11/05/12 07:29, Henrique de Moraes Holschuh wrote: On Thu, 10 May 2012, Tony van der Hoff wrote: I've learned a lot about GPG signing during the last few days. I can see there are benefits where the recipient needs to be absolutely certain that the sender is known to him. Yes. Or that the sender belongs to a certain group, for which an authoritative keyring is maintained. That is certainly not the way mailing lists work, so causing a block of some 400 characters to be sent to each and every subscriber is pure self-indulgence, on the scale of insisting on sending HTML-formatted mail. On balance, I think I prefer the latter. I have come to the conclusion that a GPG signature in these circumstances says more about the sender's sense of self-importance than anything else. Not always. Debian has a few mailing-lists where only signed mail by a Debian Developer is accepted (the -announce ones). Also, some information is considered critical enough that it is always sent signed. And yes, people DO make a fuss if the signature doesn't verify :) And for some people signing their posts is a good idea on any Debian list. ie. people who hold a position of authority in the Debian community. However in every one of those cases I've always found a valid web of trust - likewise with half a dozen posters on this list, even though I've not met them - I've met or know some of the people in their key signing chain. 2 or 3 degrees seems to cover most of the globe with Debian/GNU/Linux, and geographic location has no bearing on whether other people will sign your key. I've seen lots of PGP/MIME and S/MIME signed mails on MLs over the years, and any MUA worth using will do something smart with it (such as hide the mess and not bother the user if he is not validating signatures). Yes! If the signer relies on the recipient to jump through hoops to validate the signature it speaks volumes of the signer. 
If you have to cut and paste or perform CLI magic to validate or make a post viewable then the whole exercise is *unfriendly*. Incorrectly-formatted PGP/MIME, as well as inline signatures are far more cumbersome on most MUAs, so they're far more likely to cause huge threads when used in an indiscriminate way. And it will continue to increase as more people start using PGP signatures and github accounts like digital fetishes. Many people are convinced a message is from who it says it's from, just because it's signed - few check the signature and even fewer check the identity of the signer. PGP is a convenient and robust system of ensuring the integrity and authorship of a message when used properly - otherwise it's a convenient ego toy for the ignorant at the inconvenience of others. Not unlike animated avatars and advertisements in signatures. I'd encourage people to use digital signatures where appropriate - but only if used properly. If it's used properly few people will complain and using PGP improperly is worse than not using it at all (promotes bad practices and devalues the protocol). Kind regards -- Iceweasel/Firefox/Chrome/Chromium/Iceape/IE extensions for finding answers to questions about Debian:- https://addons.mozilla.org/en-US/firefox/collections/Scott_Ferguson/debian/ -- Archive: http://lists.debian.org/4fac41d8.9040...@gmail.com
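The "Valid signature, but cannot verify sender" result discussed earlier in the thread and the remark above that few readers check the identity of the signer both turn on the difference between a signature that verifies and a key that is validated. The following added example (not part of any post in this thread) reads GnuPG's machine-readable status lines, as written by `gpg --status-fd`, and reports the two separately; the function and sample names are hypothetical, and the status text, key ID and user ID are constructed placeholders.

```python
from typing import NamedTuple

PREFIX = "[GNUPG:] "
FAILURES = {"BADSIG", "ERRSIG", "NO_PUBKEY", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}
KEY_VALID = {"TRUST_FULLY", "TRUST_ULTIMATE"}
KEY_NOT_VALID = {"TRUST_UNDEFINED", "TRUST_NEVER", "TRUST_MARGINAL"}

class Verdict(NamedTuple):
    signature_ok: bool  # the signature matches the message and the signing key
    key_valid: bool     # the key is validated as belonging to the named user
    summary: str

def assess(status_output: str) -> Verdict:
    """Classify the machine-readable status lines of one signature check."""
    good, failure, trust = False, None, None
    for line in status_output.splitlines():
        if not line.startswith(PREFIX):
            continue  # ignore human-readable output mixed into the stream
        keyword = line[len(PREFIX):].split(" ", 1)[0]
        if keyword == "GOODSIG":
            good = True
        elif keyword in FAILURES:
            failure = failure or keyword
        elif keyword in KEY_VALID or keyword in KEY_NOT_VALID:
            trust = keyword
    if failure or not good:
        return Verdict(False, False, f"not accepted ({failure or 'no GOODSIG'})")
    if trust in KEY_VALID:
        return Verdict(True, True, "valid signature from a validated key")
    # Cryptographically fine, but nothing ties the key to the claimed person.
    return Verdict(True, False, "valid signature, signer identity not verified")

# Constructed status output, trimmed to the lines the parser reads.
# The key ID and user ID are placeholders, not real values.
WHO = "0123456789ABCDEF Example Poster <poster@example.org>"
SAMPLES = {
    "stranger": f"[GNUPG:] NEWSIG\n[GNUPG:] GOODSIG {WHO}\n[GNUPG:] TRUST_UNDEFINED",
    "in_web_of_trust": f"[GNUPG:] NEWSIG\n[GNUPG:] GOODSIG {WHO}\n[GNUPG:] TRUST_FULLY",
    "altered_body": f"[GNUPG:] NEWSIG\n[GNUPG:] BADSIG {WHO}",
    "key_not_fetched": "[GNUPG:] NEWSIG\n[GNUPG:] NO_PUBKEY 0123456789ABCDEF",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:16} {assess(text)}")
```

The "stranger" case is the one most list readers are in: the message was not altered and was signed by that key, but the key itself has no path of signatures back to anyone the reader trusts.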