On Lu, 02 iul 12, 17:21:39, anots...@fastmail.fm wrote:
Posting gpg signing keys works for many other websites. How it works and
how I suggest...
- Go to https://some-project-website.com.
- Some root CA vouches for the identity of some-project-website.com.
- The author posts his gpg public
Roger Leigh:
On Mon, Jul 02, 2012 at 10:49:14PM +0200, Jochen Spieker wrote:
What I find more interesting is that the key 0x6294BE9B (Debian CD
signing key) only has nine signatures and only one from someone using
his official @debian org address (0x3442684E, Steve McIntyre). That
could
On Mon, 02 Jul 2012 11:34:15 -0700, anotst01 wrote:
Is there any TLS encrypted source for downloading the Debian iso signing
keys?
(...)
There's apt-secure:
http://wiki.debian.org/SecureApt
But beyond that, I'm not aware of any TLS/SSL implementation.
What kind of benefit do you foresee
On Mon, Jul 02, 2012 at 11:34:15AM -0700, anots...@fastmail.fm wrote:
Is there any TLS encrypted source for downloading the Debian iso signing
keys?
Of course, from a source verified by a common root certificate. Not from
the Debian CA, because there is no way to get this one from a trusted
Rob writes:
Basically you can use the debian-keyring package to obtain keys of
many Debian developers. You can have a high level of trust that those
keys are real because the package is signed and apt-get would notify
you if the signature was not real. The iso you are downloading should
be
Is there any TLS encrypted source for downloading the Debian iso signing
keys?
Of course, from a source verified by a common root certificate. Not from
the Debian CA, because there is no way to get this one from a trusted
source either, or is there?
If the answer is no, which were to correct
On Mon, Jul 02, 2012 at 11:34:15AM -0700, anots...@fastmail.fm wrote:
Is there any TLS encrypted source for downloading the Debian iso signing
keys?
Of course, from a source verified by a common root certificate. Not from
the Debian CA, because there is no way to get this one from a trusted
anots...@fastmail.fm:
Is there any TLS encrypted source for downloading the Debian iso signing
keys?
None that I know of, but I don't see a need for that either. Sure, you
could use one of the built-in certificates in your browser to bootstrap
the chain of trust to the signing keys. But that's
I still do believe a TLS encrypted source to obtain the iso signing keys
is necessary.
What about the people who live many miles away from the next developer?
Someone living on an isle should take the next flight just to get the
gpg keys?
What about the people who are unable to meet with the
On Mon, Jul 02, 2012 at 10:49:14PM +0200, Jochen Spieker wrote:
What I find more interesting is that the key 0x6294BE9B (Debian CD
signing key) only has nine signatures and only one from someone using
his official @debian org address (0x3442684E, Steve McIntyre). That
could surely be improved.
On Mon, Jul 02, 2012 at 02:08:08PM -0700, anots...@fastmail.fm wrote:
I still do believe a TLS encrypted source to obtain the iso signing keys
is necessary.
TLS encryption means that
- what travels over the connection is encrypted, and in theory only
decryptable at the two endpoints
- the
11 matches
Mail list logo