-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 02 December 2003 06:11, Luke-Jr wrote: > In which case, one would need to establish that they are actually > talking with the person who is to give the key and be sure that it is > not someone else they are talking with. > I don't see how this is any less an issue with sending new devs > passwords, anyway...
In which way is this different from telling someone the temporary password over ssh. How can you know that you are talking to the actual prospective dev. If that prospective dev has allready used pgp to sign his messages to the list, one can be fairly sure that you are talking to the person that you intent to make a dev, else, yeah, well... that is a problem not specific to ssh keys and has more to do with social engineering. Is it possible to "infiltrate" an organization like gentoo? And is this risk a real risk. Paul - -- Paul de Vrieze Gentoo Developer Mail: [EMAIL PROTECTED] Homepage: http://www.devrieze.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/zFwmbKx5DBjWFdsRAtcVAJ9hNzHDxDdqa2MWywdJi6XElRQ55ACeN7sq CDICcIrBZFhbd43ciB0WWTM= =m9V3 -----END PGP SIGNATURE----- -- [EMAIL PROTECTED] mailing list
