On Sun, Apr 01, 2007 at 08:32:19PM EDT, Michael Pobega wrote: > On Sun, Apr 01, 2007 at 07:09:55PM -0500, John Hasler wrote: > > Michael Pobega writes: > > > Is it a bad practice to verify keyrings of people on the mailing list, or > > > is it better to wait until I meet up with some of them at say Debconf or > > > something similar? > > > > Depends on what you mean by "verify". There is nothing wrong with > > downloading their public keys and using them to verify that all the > > messages purporting to come from them are indeed signed with the same key > > and so probably did come from the same person. However, you should not > > sign someone's key unless you have met them, interviewed them, and examined > > and verified their credentials. > > > > What exactly is signing a key, and how does it work? > > I'd Google it...but I wouldn't know where to start.
When I can't think of the right keywords to google for straight answers I usually enter "wiki subject" (with a few variations) on the "advanced search" screen until I pull out stuff that looks vaguely promising .. read a few articles .. follow a few links .. etc. try to acquire a bit of background .. jot down a few buzzwords .. then get back to google with a better idea what I'm looking for .. start over .. etc. Not a magic bullet .. time-consuming .. but in my case this approach has proved fairly helpful so far. HTH Thanks, cga -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]