On Tue, 2008-08-19 at 18:10 +0930, Tim wrote: > Tim: > >> Is it just me, or do others also think that a public email (even a > >> signed one) would be almost the worst place to trust a fingerprint > >> announcement? > > Laszlo BERES: > > If the mail is correctly signed then it's OK. > > A message being correctly signed isn't quite the same thing as being > able to verify that it's been produced by the person in question.
Signatures tell you that whoever produced them has the private key, the rest is assumption. poc -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
