[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gNewSense-users] gNewSense Repository PGP Key

From: Eric Morey
Subject: Re: [gNewSense-users] gNewSense Repository PGP Key
Date: Sun, 13 Dec 2009 12:23:03 -0500

On Sun, 2009-12-13 at 23:18 +1030, Karl Goetz wrote:
> On Sat, 12 Dec 2009 23:17:19 -0500
> Eric Morey <address@hidden> wrote:
> > Isn't a wiki an inherently bad place to post a PGP key? How could I
> >  have any level of trust that it is the correct one?
> if it doesn't match whats signing package lists in the archive its the
> wrong key. If someones MITM'd the archive I dont see why www. or wiki.
> would be any safer.

It is clear that I don't understand the nuances of cryptographic key
signing. Your statement simply doesn't make sense to me. I thought that
the purpose of the PGP key was to verify that the packages downloaded
a) the correct packages 
b) downloaded without error.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]