[Monotone-devel] Re: PGP key signing

monotone-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Monotone-devel] Re: PGP key signing

From:	Lapo Luchini
Subject:	[Monotone-devel] Re: PGP key signing
Date:	Wed, 02 Aug 2006 00:55:02 +0200
User-agent:	Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.0.5) Gecko/20060719 Thunderbird/1.5.0.5 Mnenhy/0.7.4.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ethan Blanton wrote:
> As an interesting contrast, I "trust" the key used to sign Linux
> Kernel releases
Of course.
And that's the very reason why a signature by Nathaniel, given enough
time and releases, would be useful to me almost as well as one from
Graydon.
(with my SCC babble I wasn't implying that it is a way to perfectly
trust people around the globe, just to suggest that if he feels it as
a "gap to be filled", well, there is people willing to do that near
his very city)
OTOH you can't, of course, say that Graydon's key, having something
*more* can be valued less. At worst, it will be equal if the extra
info has 0 value (extra info can't possibly have a negative impact).

The very fact that some 5-10 people are involved in each step of the
chain from me to Graydon do not have a value that is absolutely zero,
and whether I trust them very much or very little, it can't hurt.
Of course, I would never use a GPG signature for anything "serious"
unless I have high trust in all of the chain's signers.

Anyway, back to the topic of file transfers, I would like as little as
a "md5 hash" to verify against, not for security reasons, but mainly
just to be sure the download wasn't corrupted.
But of course I'd prefer a digital signature from one of the
developers ;-)

- --
Lapo Luchini
address@hidden (OpenPGP & X.509)
www.lapo.it (Jabber, ICQ, MSN)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJEz9vFAAoJELBiMTth2oCDGV8P/3xF+3GBPKBhDv0pbXch61UU
9sVnRCyvJYJaNEUD8PpSqbgFQ7vR1+/FnM7STy96D6frfhXH2kl7cHhYUurou4IV
+bh88/ENOXwCPc83cdxjB5CgYBKVrYdcjg0RM3DpNXDvmnszA5CW6u/3MUtxGYDT
5In45iO8P+5WAPhS2lakKFSlw5zH2reuThEfq17OJgUx7vb0OPWvjNcjjPaz9gjV
qcU6FyKn6saJjCqh0lIhBW1fbV2fIWb45Gz/COOkxYA1OTHMGGLxo6Cwx4Rd0BPd
zuV2usUSKBsfSrwZb7EL/pVh0T3rVxJnWcQvW8KdaaE+054i+uadQTAJ2ecgfwRR
ylX+QChv11ghgIS9bqPRxfg5/K0jLRnRLJH//2oS11HhJFGWlghlr/px5tSzEkYc
kAB95zoG76mWr0m27gn/xNgU9XAZrLoBsVdiWR8hTQbCcHNuY1D2Ag6g2cYNRzgI
CpcjRH0Wq274kb1/jwCTKG0/QO+LmmaEpLd30HavcQ4Dex5hgfQgrXC53zn9w1Xz
FUu5B+L98SwmRjORmYQDb7bd/wC4BoRfLP5WB+8i3E481Cusye/rjkcVpO7R3zQL
F5n7jGyNmjwP7KFs36rC0k8ne4bVtjV/qbLjthqErwldkuAenlhsgOgZvPv/qN2H
4niJUIvnwwAdTDmrf5LT
=y4nS
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

[Monotone-devel] Re: BZ2 & signatures, Lapo Luchini, 2006/08/01
- PGP key signing (Was: Re: [Monotone-devel] Re: BZ2 & signatures), Ethan Blanton, 2006/08/01
  - [Monotone-devel] Re: PGP key signing, Bruce Stephens, 2006/08/01
    - [Monotone-devel] Re: PGP key signing, Graydon Hoare, 2006/08/01
  - [Monotone-devel] Re: PGP key signing, Lapo Luchini <=
  - Re: PGP key signing (Was: Re: [Monotone-devel] Re: BZ2 & signatures), Jack Lloyd, 2006/08/01
    - Re: PGP key signing (Was: Re: [Monotone-devel] Re: BZ2 & signatures), Ethan Blanton, 2006/08/02

Prev by Date: [Monotone-devel] Re: PGP key signing
Next by Date: Re: PGP key signing (Was: Re: [Monotone-devel] Re: BZ2 & signatures)
Previous by thread: [Monotone-devel] Re: PGP key signing
Next by thread: Re: PGP key signing (Was: Re: [Monotone-devel] Re: BZ2 & signatures)
Index(es):
- Date
- Thread