-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 06/08/2014 06:20 PM, Andrei POPESCU wrote:
> On Du, 08 iun 14, 23:37:40, Ralf Mardorf wrote: > >> On Mon, 2014-06-09 at 00:22 +0300, Andrei POPESCU wrote: >>> >>> Could you please elaborate on this? >> >> What should I explain? That signing usually is unwanted? It's >> usually unwanted, because there is absolutely no reason to sign >> mails to a mailing list, especially when most messages are signed >> with untrusted keys. I experience this on many mailing lists, not >> at Debian user. > > Mails signed by untrusted keys is a (real) problem that needs to be > solved, hence my suggestion to join the Web of Trust. Receiving a message signed by an untrusted key isn't useless, however. It means that if you later receive another message signed by the same (still untrusted) key, you can be sure the two messages were sent by the same source. (Barring key compromise or the like.) Few if any of you have any clue who I am, or any reason to trust me beyond what you see me post here - but because I sign all my posts here with the same key, you can be sure that each new message comes from the same person who posted the earlier ones, whoever that may actually be. In many cases - including, I think, the one which sparked this discussion - that "yes, this is the same person who has been earlier seen doing X" is IMO more important, for practical purposes, than being able to verify some other aspect of the poster's identity. >> Signing a mail to a mailing list IMO is similar to draw up a >> contract, when you lend a friend 10,-€. There simply shouldn't be >> the need to sign those messages, just because there is one >> Super-Troll. AFAIK this never happened before and there's no reason >> to assume it will happen often in the future. This Super-Troll is >> an exception. > > That's your opinion, but I disagree. I sign most e-mails (even in > private conversations) also as a reminder to everyone that email is > insecure by design. As far as I'm concerned signing and/or encrypting > as needed should be the default, not vice-versa. Agreed 100%. (Except for s/most/all/, barring things like "reply to this automated mail to confirm your intent to subscribe to the mailing list" messages.) And while forged posting and suchlike may not have happened *here* in the past, it's certainly happened elswhere; if I'm not mistaken, there are some newsgroups where it's been almost a common thing to see at times, though certainly not a common thing to do. - -- The Wanderer Secrecy is the beginning of tyranny. A government exists to serve its citizens, not to control them. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJTlOf1AAoJEASpNY00KDJrl2AQAJEW6TnRbBDNl54KJqol0pqx atO2UIy6BJ+yRFSw5DAxwAfYejbZYYkf1MUwyw5NA1ADVUo1+CvAcqhwGrOUHZKe SpZkEMoNqVrwspH7oh4PpOlZPCw0AVP5FL9f8cLiqm6W+GuDBhmzMh+8jq7lWc3O 6bIrat8ayoKd6ZqHnfIaTa9UeEVyqvalb1xOa9c2dfY6P4rU7kGMYR9fL8c16c7f /XjB09UW+1w2Jm+Lz3lbYrvQEy7EWqrrWU6kwtAuXNcR6CKnnpNo5YUHBLMsAdqW fT6fnrK5AvmPyUd4mxXGnmOMbzlnGnhBIrsk+GmGnXi5sYGf4Zi5osfuSU+VE290 GQNszlXZcKjAheUhs98q4pKa0li5GZJEOluAZ2L1UhReRBsOhRki8xxiUwPZdS7W hQJ7SnHESFUKu4oX4Csle/p9qvh/4xbnqEDmCYLiF/RfTQz6bKINVuYUHJO8uLQt ix1ipfBkQm7efQEW7z9PTPZT0ewbCQDRMZlvtPHojTMF6sxIujcamN0v2OJjR5Zw YCuu4D1DMhV10Gwi8MBWjYE3+kcoGxxk9722BNcEVZyFOU1amafFq7tEBkfdK6Fh wFcXYpZuEe9PVY5QeF7gpVZC+9XBo2fNXOp13bRoDOxRf4ZQKUNbkyMAQPpzYslH BOev9mrCP8S3T1ixK7xC =jzZu -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5394e7f5.7090...@fastmail.fm