> first off, fix your e-mail client.  this long line crap is ridiculous.

:) ever heard of flowed text? absolutely no need to get aggressive...

> second, anyone can add/remove e-mail addresses.  we aren't verifying
> e-mail addresses, we're verifying keys.  

Unfortunately, you are misunderstanding the GnuPG trust model here. As a third 
party you are not signing someone's key, but someone's userid associated with 
that key.

> the *only* thing that matters
> is that the key we have on file (0xabcd) is the one that was used to
> sign.

That's a policy decision. Basically there are several ways to go about 
implementing our own trust model.

1) Rely on an existing list of keys somewhere distributed in portage, and 
automatically trust all keys in that list.
VERY BAD, because if someone manipulates the portage tree he/she can 
manipulate that list as well. I'm pretty confident, however, that you actually 
meant option 2) or 3):

2) Rely on an existing keyring somewhere distributed in portage; the file (not 
the keys themselves) is signed with a master key.
This is a very clumsy workaround.
Pros: you can exactly decide what keys are used and trusted, without thinking 
about GnuPG's inner workings.
Cons: People tend to modify their keys. Add user ids. Add new subkeys. Expire 
or revoke subkeys. Revoke userids. (My photo in the key is pretty old by now. 
:o) Whenever anything of this happens, the key file changes, needs to be 
re-signed by infra and re-uploaded.

3) Rely on an existing key list somewhere distributed in portage; the list 
file with the key id's (not the keys themselves) is signed with a master key.
This is a mediocre and potentially insecure workaround.
Pros: you can exactly decide what keys are used and trusted, without thinking 
about GnuPG's inner workings. A user can edit his key and the key remains 
trusted.
Cons: Mainly that the key id is a pretty short hash, AFAIK. (Any 
better-informed people around?)

4) Rely on an existing list of keys somewhere distributed in portage and 
possibly somewhere else (keyservers); a key userid is signed with a master 
key. Work with GnuPG's well-tested and well-thought-out trust relationships.
Back to start, time to re-read the entire thread... :)

Am I missing something?

-- 

Andreas K. Huettel
Gentoo Linux developer 
dilfri...@gentoo.org
http://www.akhuettel.de/
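An added illustration of the "key id is a pretty short hash" concern raised under option 3). This is example code written for this page, not code from the thread, from Gentoo infra, or from GnuPG. It builds a constructed v4 RSA public-key packet (the modulus is a synthetic number, not a real key), computes the RFC 4880 v4 fingerprint (SHA-1 over 0x99, the two-byte body length and the packet body), and derives the 16-hex-digit long key ID and the 8-hex-digit short key ID from it, which are simply the low 64 and low 32 bits of the fingerprint. It then shows the practical consequence: with the key material held fixed, varying only the 4-byte creation timestamp steers the key ID, so a chosen short ID costs on the order of 2^32 SHA-1 computations. The demonstration matches a toy 3-hex-digit (12-bit) suffix so it finishes instantly; the names and the sample constants are this example's own.

```python
"""Why an 8-hex-digit OpenPGP key ID is a weak identifier (added example).

Constructs a synthetic v4 RSA public-key packet body, computes its RFC 4880
fingerprint, derives the long (64-bit) and short (32-bit) key IDs, and shows
that a short-ID suffix can be collided by varying only the creation time.
"""
import hashlib
import struct

# Constructed sample key material (NOT a real RSA key; the modulus is just an
# odd 1024-bit integer). The fingerprint rule does not care whether n is a
# product of primes, only about the bytes of the packet.
SAMPLE_N = (1 << 1023) | 0x9F3BD17A2C44E6B1
SAMPLE_E = 65537
SAMPLE_CREATED = 1_300_000_000  # arbitrary creation timestamp (2011-03-13)


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then the big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def rsa_public_key_packet_body(n: int, e: int, created: int) -> bytes:
    """Body of a v4 Public-Key packet (RFC 4880 5.5.2) for an RSA key.

    version(1)=4 | creation time(4, big-endian) | algorithm(1)=1 (RSA) | MPI n | MPI e
    """
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99 || 2-byte body length || body, as 40 upper-case hex digits."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def long_key_id(fpr: str) -> str:
    """Low-order 64 bits of the fingerprint: the 16-hex-digit key ID."""
    return fpr[-16:]


def short_key_id(fpr: str) -> str:
    """Low-order 32 bits of the fingerprint: the 8-hex-digit ID people usually paste around."""
    return fpr[-8:]


def forge_suffix(target_suffix: str, n: int, e: int, start: int = 0, limit: int = 2_000_000) -> int:
    """Return a creation timestamp for which the key (same n, e) has a fingerprint ending in target_suffix.

    Only the 4-byte creation time is varied, so the key pair is reused unchanged; this is the
    cheapest way to steer a key ID. Each hex digit of suffix costs a factor of 16: a full 8-digit
    short ID is ~2**32 hashes, which is feasible on commodity hardware. Raises if `limit` tries
    are exhausted (for the 3-digit demo below that is astronomically unlikely).
    """
    target_suffix = target_suffix.upper()
    for created in range(start, start + limit):
        if v4_fingerprint(rsa_public_key_packet_body(n, e, created)).endswith(target_suffix):
            return created
    raise RuntimeError("no match within limit")


if __name__ == "__main__":
    fpr = v4_fingerprint(rsa_public_key_packet_body(SAMPLE_N, SAMPLE_E, SAMPLE_CREATED))
    print("fingerprint :", fpr)
    print("long key ID :", long_key_id(fpr))
    print("short key ID:", short_key_id(fpr))
    # Toy collision: match only the last 3 hex digits (12 bits, ~4096 tries on average).
    ts = forge_suffix(short_key_id(fpr)[-3:], SAMPLE_N, SAMPLE_E, start=SAMPLE_CREATED + 1)
    forged = v4_fingerprint(rsa_public_key_packet_body(SAMPLE_N, SAMPLE_E, ts))
    print("second key created at", ts, "->", forged, "(shares suffix", forged[-3:] + ")")
```

The point for a key list as in option 3): a list of 8-digit IDs does not pin a key, and even the 16-digit ID is only a truncation of the fingerprint, so such a list should carry full fingerprints (or the keys themselves, as in option 2) and 4)).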
