-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ethan Blanton wrote: > As an interesting contrast, I "trust" the key used to sign Linux > Kernel releases Of course. And that's the very reason why a signature by Nathaniel, given enough time and releases, would be useful to me almost as well as one from Graydon. (with my SCC babble I wasn't implying that it is a way to perfectly trust people around the globe, just to suggest that if he feels it as a "gap to be filled", well, there is people willing to do that near his very city) OTOH you can't, of course, say that Graydon's key, having something *more* can be valued less. At worst, it will be equal if the extra info has 0 value (extra info can't possibly have a negative impact).
The very fact that some 5-10 people are involved in each step of the chain from me to Graydon do not have a value that is absolutely zero, and whether I trust them very much or very little, it can't hurt. Of course, I would never use a GPG signature for anything "serious" unless I have high trust in all of the chain's signers. Anyway, back to the topic of file transfers, I would like as little as a "md5 hash" to verify against, not for security reasons, but mainly just to be sure the download wasn't corrupted. But of course I'd prefer a digital signature from one of the developers ;-) - -- Lapo Luchini [EMAIL PROTECTED] (OpenPGP & X.509) www.lapo.it (Jabber, ICQ, MSN) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIcBAEBAgAGBQJEz9vFAAoJELBiMTth2oCDGV8P/3xF+3GBPKBhDv0pbXch61UU 9sVnRCyvJYJaNEUD8PpSqbgFQ7vR1+/FnM7STy96D6frfhXH2kl7cHhYUurou4IV +bh88/ENOXwCPc83cdxjB5CgYBKVrYdcjg0RM3DpNXDvmnszA5CW6u/3MUtxGYDT 5In45iO8P+5WAPhS2lakKFSlw5zH2reuThEfq17OJgUx7vb0OPWvjNcjjPaz9gjV qcU6FyKn6saJjCqh0lIhBW1fbV2fIWb45Gz/COOkxYA1OTHMGGLxo6Cwx4Rd0BPd zuV2usUSKBsfSrwZb7EL/pVh0T3rVxJnWcQvW8KdaaE+054i+uadQTAJ2ecgfwRR ylX+QChv11ghgIS9bqPRxfg5/K0jLRnRLJH//2oS11HhJFGWlghlr/px5tSzEkYc kAB95zoG76mWr0m27gn/xNgU9XAZrLoBsVdiWR8hTQbCcHNuY1D2Ag6g2cYNRzgI CpcjRH0Wq274kb1/jwCTKG0/QO+LmmaEpLd30HavcQ4Dex5hgfQgrXC53zn9w1Xz FUu5B+L98SwmRjORmYQDb7bd/wC4BoRfLP5WB+8i3E481Cusye/rjkcVpO7R3zQL F5n7jGyNmjwP7KFs36rC0k8ne4bVtjV/qbLjthqErwldkuAenlhsgOgZvPv/qN2H 4niJUIvnwwAdTDmrf5LT =y4nS -----END PGP SIGNATURE----- _______________________________________________ Monotone-devel mailing list Monotone-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/monotone-devel
