Re: [gNewSense-users] gNewSense Repository PGP Key

gnewsense-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gNewSense-users] gNewSense Repository PGP Key

From:	Karl Goetz
Subject:	Re: [gNewSense-users] gNewSense Repository PGP Key
Date:	Mon, 14 Dec 2009 10:32:23 +1030

On Sun, 13 Dec 2009 12:23:03 -0500
Eric Morey <address@hidden> wrote:

> On Sun, 2009-12-13 at 23:18 +1030, Karl Goetz wrote:
> > On Sat, 12 Dec 2009 23:17:19 -0500
> > Eric Morey <address@hidden> wrote:
> > > Isn't a wiki an inherently bad place to post a PGP key? How could
> > > I have any level of trust that it is the correct one?
> > 
> > if it doesn't match whats signing package lists in the archive its
> > the wrong key. If someones MITM'd the archive I dont see why www.
> > or wiki. would be any safer.
> 
> It is clear that I don't understand the nuances of cryptographic key
> signing. Your statement simply doesn't make sense to me. I thought
> that the purpose of the PGP key was to verify that the packages
> downloaded are: 
> a) the correct packages 

"From a trusted vendor" (aka gNS), yes. not sure if thats what you
meant with the above or not.

> and 
> b) downloaded without error.

No, this is what the checksums in the Packages{,.gz,.bz2} lists are for.
kk

-- 
Karl Goetz, (Kamping_Kaiser / VK5FOSS)
Debian contributor / gNewSense Maintainer
http://www.kgoetz.id.au
No, I won't join your social networking group

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [gNewSense-users] gNewSense Repository PGP Key, (continued)

Prev by Date: Re: [gNewSense-users] gNewSense Repository PGP Key
Next by Date: Re: [gNewSense-users] Problem with OpenOffice.org Database and Mysql Server
Previous by thread: Re: [gNewSense-users] gNewSense Repository PGP Key
Next by thread: [gNewSense-users] gNewSense Compatible PDAs
Index(es):
- Date
- Thread