On Sun, 2009-12-13 at 23:18 +1030, Karl Goetz wrote:
> On Sat, 12 Dec 2009 23:17:19 -0500
> Eric Morey <e...@glodime.com> wrote:
> > Isn't a wiki an inherently bad place to post a PGP key? How could I
> > have any level of trust that it is the correct one?
>
> if it doesn't match what's signing package lists in the archive it's the
> wrong key. If someone's MITM'd the archive I don't see why www. or wiki.
> would be any safer.

It is clear that I don't understand the nuances of cryptographic key signing. Your statement simply doesn't make sense to me. I thought that the purpose of the PGP key was to verify that the packages downloaded are:
a) the correct packages and
b) downloaded without error.