gnu-arch-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Common merge request format (was: [Gnu-arch-users] Preferences for b

From: Andrew Suffield
Subject: Re: Common merge request format (was: [Gnu-arch-users] Preferences for branching in merge submissions?)
Date: Sat, 10 Apr 2004 02:30:28 +0100
User-agent: Mutt/1.5.5.1+cvs20040105i 
On Fri, Apr 09, 2004 at 07:27:44PM +0100, Robin Green wrote:
> On Fri, Apr 09, 2004 at 05:42:12AM +0100, Andrew Suffield wrote:
> > On Thu, Apr 08, 2004 at 06:33:38PM +0100, Robin Green wrote:
> > > From-Gpg-Key:            http://bogus.example.com/gpg-keys/me.gpg
> > 
> > Why?
> 
> Because checking with a completely untrusted key is slightly more
> secure than no signature check at all. At least you can tell that (assuming
> that no-one else has the private key) the person who committed today
> was the same person that committed yesterday.
> 
> If the submitter posts to a mailing list and signs all their posts, and you
> automatically download public keys for all signed posts, that provides a
> further measure of confidence against impersonations. (This is assuming
> that the script complains loudly and aborts if it finds a live key
> that differs from an existing live key that you have for the same email
> address.)
> 
> What would you suggest instead?

While there is certainly some value in checking signatures from an
untrusted key, if only that it can build up trust over time, none of
that is assisted by providing a URL to a gpg keyring...

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |

Attachment: signature.asc
Description: Digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]