Hi Michael and Dirk, there are raising concerns that, as of today's computing power, an attacker can generate a GPG key that has the same short ID as a target key. In this situation, it may be possible that a user downloads and trusts the attacker's GPG key, and as a consequence installs malware.
For that reason (better explained in http://lwn.net/Articles/697417/), it is recommended to use long IDs or even full fingerprints. I am therefore suggesting to update the instructions at <https://cran.rstudio.com/bin/linux/ubuntu/>. s/E084DAB9/E298A3A825C0D65DFD57CBB651716619E084DAB9/ (Note that I tested only in Debian Stable, which is one year older as Trusty, so it might be good to doublecheck on a Trusty system that it works as expected.) Have a nice day, Charles -- Charles Plessy Tsurumi, Kanagawa, Japan _______________________________________________ R-SIG-Debian mailing list R-SIG-Debian@r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-debian
