Re: [gNewSense-users] gNewSense Repository PGP Key

[Eric Morey]

On Sun, 2009-12-13 at 23:18 +1030, Karl Goetz wrote:
> On Sat, 12 Dec 2009 23:17:19 -0500
> Eric Morey <address@hidden> wrote:
> > Isn't a wiki an inherently bad place to post a PGP key? How could I
> >  have any level of trust that it is the correct one?
> 
> if it doesn't match whats signing package lists in the archive its the
> wrong key. If someones MITM'd the archive I dont see why www. or wiki.
> would be any safer.

It is clear that I don't understand the nuances of cryptographic key
signing. Your statement simply doesn't make sense to me. I thought that
the purpose of the PGP key was to verify that the packages downloaded
are: 
a) the correct packages 
and 
b) downloaded without error.