Re: GPG Key Support

2021-02-08 Thread Baptiste Beauplat
at least 4096 bits.` > > Has anyone got a suggestion on what the best next step to take is? > > [1] > https://salsa.debian.org/debian-keyring/keyring/-/blob/master/debian-maintainers-gpg/0x03A1FB7A1904771B Mentors tries to enforce strong GPG key for newcomers, hence the error you

GPG Key Support

2021-02-08 Thread Dave Hibberd
Hi all, After a little inactivity uploading to mentors.debian.net (I've been working on packages I've got upload rights on), I had a new package rejected with the following error yesterday. `Unable to verify file fbb_7.010-1_source.changes. No public key found for key

Re: GPG Key errors

2019-05-02 Thread Adam Borowski
On Thu, May 02, 2019 at 06:56:53AM +0200, Mechtilde wrote: > On 01.05.19 at 23:53, Tong Sun wrote: > > On Wed, May 1, 2019 at 3:50 PM Shreyas Bapat wrote: > >> I made a stop for good, and departed from the train station in a very > >> little time towards the destination. :) > > > > , I view

Re: GPG Key errors

2019-05-02 Thread Shreyas Bapat
Hi all, I am really sorry if I posted something inappropriate in the mailing list. Although I got everything to work and took the response of Geert very positively. I am really sorry if I caused some trouble! Thank you Shreyas On Thu, May 2, 2019 at 12:26 PM Andrey Rahmatullin wrote: > On

Re: GPG Key errors

2019-05-02 Thread Andrey Rahmatullin
On Thu, May 02, 2019 at 08:49:56AM +0200, Dominik George wrote: > >To show where you can find the information is more helpful than to one > >specific information. > > Except that the needed information - how to get debsign to find the correct > key - cannot be found where the newcomer was

Re: GPG Key errors

2019-05-02 Thread Dominik George
>To show where you can find the information is more helpful than to one >specific information. Except that the needed information - how to get debsign to find the correct key - cannot be found where the newcomer was pointed. -nik

Re: GPG Key errors

2019-05-01 Thread Mechtilde
Hello, On 01.05.19 at 23:53, Tong Sun wrote: > On Wed, May 1, 2019 at 3:50 PM Shreyas Bapat wrote: > >> I made a stop for good, and departed from the train station in a very little >> time towards the destination. :) > > , I view such departure as the result of poking fun at the >

Re: GPG Key errors

2019-05-01 Thread Emmanuel Arias
On 5/1/19 6:53 PM, Tong Sun wrote: > On Wed, May 1, 2019 at 3:50 PM Shreyas Bapat wrote: > >> I made a stop for good, and departed from the train station in a very little >> time towards the destination. :) > , I view such departure as the result of poking fun at the > new-comers, instead of

Re: GPG Key errors

2019-05-01 Thread Tong Sun
On Wed, May 1, 2019 at 3:50 PM Shreyas Bapat wrote: > I made a stop for good, and departed from the train station in a very little > time towards the destination. :) , I view such departure as the result of poking fun at the new-comers, instead of giving them direct answers -- direct answers

Re: GPG Key errors

2019-05-01 Thread Shreyas Bapat
I made a stop for good, and departed from the train station in a very little time towards the destination. :) Thanks a lot Geert! With Warm Regards, Shreyas Bapat IIT Mandi Ph: (+91) 97362-10570 Email: b16...@students.iitmandi.ac.in Web: https://students.iitmandi.ac.in/~b16145/ On Thu, May

Re: GPG Key errors

2019-05-01 Thread Geert Stappers
On Thu, May 02, 2019 at 12:00:05AM +0530, Shreyas Bapat wrote: > Hi, > > I am packaging einsteinpy for debian. > And I am facing this issue. Can someone please help? > > Now signing changes and any dsc files... > signfile dsc einsteinpy_0.1.0+dfsg-1.dsc Shreyas Bapat < >

GPG Key errors

2019-05-01 Thread Shreyas Bapat
Hi, I am packaging einsteinpy for debian. And I am facing this issue. Can someone please help? Now signing changes and any dsc files... signfile dsc einsteinpy_0.1.0+dfsg-1.dsc Shreyas Bapat < bapat.shre...@gmail.com> gpg: skipped "Shreyas Bapat ": No secret key gpg:

Re: How to upgrade my gpg key to debian standards?

2016-07-11 Thread Ansgar Burchardt
On Sun, 2016-07-10 at 18:39 -0400, Paul Elliott wrote: > I am looking at upgrading my gpg key. > > What parameters should I use? [1] has a guide which options to use to make sure that you use strong hashes for the (self-)signatures on your key.  I'm not sure if GnuPG upstream ha

Re: How to upgrade my gpg key to debian standards?

2016-07-11 Thread Gianfranco Costamagna
Hi, >I am looking at upgrading my gpg key. > >What parameters should I use? > >Is there a standard way to get all the people that signed >the old key to sign the new key? some general answering should tell that it is up to the developers to sign the new one, or ask you

Re: How to upgrade my gpg key to debian standards?

2016-07-11 Thread Elena ``of Valhalla''
On 2016-07-10 at 22:53:46 +, Sean Whitton wrote: > - https://debian-administration.org/users/dkg/weblog/48 > - https://help.riseup.net/en/security/message-security/openpgp/best-practices > - the hopenpgp-tools package to check your key -- very useful! I would also recommend:

Re: How to upgrade my gpg key to debian standards?

2016-07-10 Thread Sean Whitton
Hello, On Sun, Jul 10, 2016 at 06:39:27PM -0400, Paul Elliott wrote: > I am looking at upgrading my gpg key. > > What parameters should I use? Do you mean increasing the key length, or other stuff too? For the other stuff, here are some nice links: - https://debian-administration.org/

How to upgrade my gpg key to debian standards?

2016-07-10 Thread Paul Elliott
I am looking at upgrading my gpg key. What parameters should I use? Is there a standard way to get all the people that signed the old key to sign the new key? Thank You. -- Paul Elliott 1(512)837-1096 pelli...@blackpatchpanel.com 3300 Plaza Drive

Get your GPG key signed March 25 in Blacksburg, Virginia

2014-03-23 Thread Thaddeus H. Black
If you still need your GPG key signed by two Debian Developers and live near enough to get to Blacksburg, Virginia, then DDs Jon Bernard and Thaddeus H. Black will sign your key there March 25. Feel free to attend. We would be pleased to have you. Date: Tues., March 25, 2014 Time: 4:30 p.m

Re: Should I re-upload packages after changing my GPG key?

2009-09-26 Thread Charles Plessy
On Thu, Sep 24, 2009 at 11:49:26PM +0400, Alexander Inyukhin wrote: My old GPG key is getting expired soon, so I create a new one following instructions described in [1], and I upload it to d.m.n. Should I re-upload my package now? Should I increment a version number of the package

Should I re-upload packages after changing my GPG key?

2009-09-24 Thread Alexander Inyukhin
Hello! My old GPG key is getting expired soon, so I create a new one following instructions described in [1], and I upload it to d.m.n. Should I re-upload my package now? Should I increment a version number of the package and post a new RFS? Thanks. [1] http://www.debian-administration.org

Re: GPG key change

2008-02-20 Thread Bas Wijnen
On Wed, Feb 20, 2008 at 04:23:03PM +0100, David Paleino wrote: is there any procedure to follow in case one needs to revoke his GPG key (thus creating a new one)? I mean, I have some packages in Debian, which are signed by my current key (0x1392B174). Packages in Debian are signed by a DD

GPG key change

2008-02-20 Thread David Paleino
Hi all, is there any procedure to follow in case one needs to revoke his GPG key (thus creating a new one)? I mean, I have some packages in Debian, which are signed by my current key (0x1392B174). Is it sufficient to start signing new packages with my new key? I've also applied NM, but I'm

Re: GPG key change

2008-02-20 Thread Kapil Hari Paranjape
Hello, On Wed, 20 Feb 2008, David Paleino wrote: is there any procedure to follow in case one needs to revoke his GPG key (thus creating a new one)? I mean, I have some packages in Debian, which are signed by my current key (0x1392B174). Is it sufficient to start signing new packages

Re: GPG key change

2008-02-20 Thread David Paleino
On Wed, 20 Feb 2008 21:39:17 +0530 Kapil Hari Paranjape [EMAIL PROTECTED] wrote: Hello, Hi Kapil, The only real reason to revoke the primary GPG key would be when there are security concerns about it like: 1. You feel that you have chosen a key size which is too

Re: GPG key change

2008-02-20 Thread Kapil Hari Paranjape
Hello David, On Wed, 20 Feb 2008, David Paleino wrote: I've somehow lost my private key for encryption. That is, I can sign anything, also encrypt, but not decrypt anything encrypted with my key. I've already added a new encryption sub-key (and works), but having lost the private part for

Re: GPG key change

2008-02-20 Thread David Paleino
On Wed, 20 Feb 2008 22:08:57 +0530 Kapil Hari Paranjape [EMAIL PROTECTED] wrote: It's a while since I played around with GPG but IIRC, the sub-keys are signed (and thus revoked) by the signing key. So having access to the signing key ought to be enough to generate a revocation

GPG key signing.

2006-06-22 Thread Mihai Felseghi
Hello my name is Mihai Felseghi and I write this message to you because I didn't find a Debian Developer near me to sign my key, so I don't know how to get it signed. So please tell me what to do to get my key signed? All the best! Mihai Felseghi.

Re: GPG key signing.

2006-06-22 Thread Bas Wijnen
On Thu, Jun 22, 2006 at 04:54:03PM +0300, Mihai Felseghi wrote: Hello my name is Mihai Felseghi and I write this message to you because I didn't find a Debian Developer near me to sign my key, so I don't know how to get it signed. So please tell me what to do to get my key signed? Hi, It

Re: GPG key signing.

2006-06-22 Thread Mihai Felseghi
I live in Romania, Arad county to be precise, and I could not find a DD near me and meet him in person; that's why I wrote this message to the list to find out how I can get the key signed. PS: And yes, I want to become a DD and I already adopted 2 packages and packaged the third. On 6/22/06, Bas

Re: GPG key signing.

2006-06-22 Thread Radu Spineanu
Hi Mihai, Remember, I offered to sign your key if you come to Timisoara. Cheers, Radu Mihai Felseghi wrote: Hello my name is Mihai Felseghi and I write this message to you because I didn't find a Debian Developer near me to sign my key, so I don't know how to get it signed. So please tell me

gpg key purged from server

2004-03-11 Thread Thomas Viehmann
Hi. I know that this is not strictly debian related (he, but I found out looking at my qa.d.o page): My gpg key seems to have been removed from the public servers (e.g. pgp.earth.li) recently. Does anyone know why such things happen? Kind regards Thomas -- Thomas Viehmann, http://beamnet.de

Re: gpg key purged from server

2004-03-11 Thread Jonathan McDowell
On Thu, Mar 11, 2004 at 06:12:21PM +0100, Thomas Viehmann wrote: I know that this is not strictly debian related (he, but I found out looking at my qa.d.o page): My gpg key seems to have been removed from the public servers (e.g. pgp.earth.li) recently. Does anyone know why such things

Re: gpg key purged from server

2004-03-11 Thread Nico Golde
Hello Thomas, * Thomas Viehmann [EMAIL PROTECTED] [2004-03-11 20:16]: I know that this is not strictly debian related (he, but I found out looking at my qa.d.o page): My gpg key seems to have been removed from the public servers (e.g. pgp.earth.li) recently. Does anyone know why such things

Updating my GPG key

2003-04-21 Thread Gunnar Wolf
Hi, I was recently accepted as a Debian developer. Among the first things I understand I should do is to update my GPG key in order to include my debian.org address - But I suppose this identity must then be signed by other members of Debian, right? I understand the tight requirements

Re: Updating my GPG key

2003-04-21 Thread Daniel K. Gebhart
Gunnar Wolf [EMAIL PROTECTED] wrote on Mon, Apr 21, 2003 at 06:07:36PM -0500: I was recently accepted as a Debian developer. Among the first things I con-gratulations! :-) understand I should do is to update my GPG key in order to include my debian.org address - But I suppose this identity

Re: Updating my GPG key

2003-04-21 Thread Gunnar Wolf
I was recently accepted as a Debian developer. Among the first things I con-gratulations! :-) Yup... Long process, big satisfaction! ;-) understand I should do is to update my GPG key in order to include my debian.org address - But I suppose this identity must then be signed by other

expiring gpg key, how do I update it?

2003-02-24 Thread Jörgen Hägg
(I'm asking this because I want to be really sure that my key still works after the current expire date, there has been a lot of key-discussions, expiration date and such.) My key is about to expire in a few months, is it enough to update the expiration date and submit it to the key server? Do

Re: expiring gpg key, how do I update it?

2003-02-24 Thread Steve Langasek
Hi Jörgen, On Mon, Feb 24, 2003 at 03:16:06PM +0100, Jörgen Hägg wrote: (I'm asking this because I want to be really sure that my key still works after the current expire date, there has been a lot of key-discussions, expiration date and such.) My key is about to expire in a few months, is

Re: signing a GPG key with multiple uids

2002-12-04 Thread John H. Robinson, IV
Osamu Aoki wrote: On Wed, Dec 04, 2002 at 03:05:57AM +0100, Rene Engelhard wrote: which have that address in it. I sign a uid when these uid's address is not bouncing and the person who claims to belong to this key answers a message encrypted to him sent to the specific uid. If the

Re: signing a GPG key with multiple uids

2002-12-04 Thread Osamu Aoki
others when signing, and that is okay. but the onus is always on the signer to verify that the facts as she understands them are true. Sure I agree in your point of due diligence. (I said a bit.) I do not want to make life any harder for the people signing my GPG key either. I think

Re: signing a GPG key with multiple uids

2002-12-04 Thread Michael Banck
On Wed, Dec 04, 2002 at 11:09:09AM -0800, Osamu Aoki wrote: I do not want to make life any harder for the people signing my GPG key either. It's a reasonable thing to check whether an email-address is valid before signing it IMHO. Michael -- weasel we should propose to rename the FSG to DFSG

Re: signing a GPG key with multiple uids

2002-12-04 Thread Osamu Aoki
On Wed, Dec 04, 2002 at 08:12:37PM +0100, Michael Banck wrote: On Wed, Dec 04, 2002 at 11:09:09AM -0800, Osamu Aoki wrote: I do not want to make life any harder for the people signing my GPG key either. It's a reasonable thing to check whether an email-address is valid before signing

signing a GPG key with multiple uids

2002-12-03 Thread Oohara Yuuma
When signing a GPG key, is it better to sign all of its uids, or just an uid that I see relevant (such as the @debian.org one)? I usually meet someone, get a hardcopy of the key fingerprint, the e-mail address and so on, then check it later and sign the uid which have that address

Re: signing a GPG key with multiple uids

2002-12-03 Thread Richard A. Hecker
Oohara Yuuma wrote: When signing a GPG key, is it better to sign all of its uids, or just an uid that I see relevant (such as the @debian.org one)? I usually meet someone, get a hardcopy of the key fingerprint, the e-mail address and so on, then check it later and sign the uid which have

Re: signing a GPG key with multiple uids

2002-12-03 Thread Osamu Aoki
Hi, On Wed, Dec 04, 2002 at 03:05:57AM +0100, Rene Engelhard wrote: Hi, Oohara Yuuma wrote: When signing a GPG key, is it better to sign all of its uids, or just an uid that I see relevant (such as the @debian.org one)? I usually meet someone, get a hardcopy of the key fingerprint

Re: signing a GPG key with multiple uids

2002-12-03 Thread Osamu Aoki
On Tue, Dec 03, 2002 at 07:26:48PM -0800, Richard A. Hecker wrote: Oohara Yuuma wrote: When signing a GPG key, is it better to sign all of its uids, or just an uid that I see relevant (such as the @debian.org one)? I usually meet someone, get a hardcopy of the key fingerprint, the e

Re: signing a GPG key with multiple uids

2002-12-03 Thread Rene Engelhard
Hi, Oohara Yuuma wrote: When signing a GPG key, is it better to sign all of its uids, or just an uid that I see relevant (such as the @debian.org one)? I usually meet someone, get a hardcopy of the key fingerprint, the e-mail address and so on, then check it later and sign the uid which have

Re: GPG Key question

2002-06-18 Thread B. L. Jilek
Hi Steve! On Mon, 17 Jun 2002, Steve Langasek wrote: On Mon, Jun 17, 2002 at 10:53:19PM -0400, B. L. Jilek wrote: Hi Stephen! On Mon, 17 Jun 2002, Stephen Stafford wrote: On Tue, Jun 18, 2002 at 12:07:56AM +0200, Rene Engelhard wrote: Paul Cupis wrote:

Re: GPG Key question

2002-06-17 Thread Rene Engelhard
Duncan Findlay wrote: However, [EMAIL PROTECTED] is no longer a valid e-mail address. Should I delete the uid, even though it is the only signed uid, or should I leave it, even though the e-mail is not valid? Deleting uids IIRC is *not* possible, it can be that it reappears through the

Re: GPG Key question

2002-06-17 Thread Bill Jonas
On Mon, Jun 17, 2002 at 07:21:39PM +0200, Rene Engelhard wrote: Deleting uids IIRC is *not* possible, it can be that it reappears through the synching of the keyservers. I *think* it's possible to generate a revocation certificate, though, for just one UID. I'm not entirely sure, though. --

Re: GPG Key question

2002-06-17 Thread Paul Cupis
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 17 June 2002 19:02, Bill Jonas wrote: On Mon, Jun 17, 2002 at 07:21:39PM +0200, Rene Engelhard wrote: Deleting uids IIRC is *not* possible, it can be that it reappears through the synching of the keyservers. I *think* it's possible to

Re: GPG Key question

2002-06-17 Thread Rene Engelhard
Paul Cupis wrote: Present a menu which enables you to do all key related tasks: revsig Revoke a signature. GnuPG asks for every signature which has been done by one of the

Re: GPG Key question

2002-06-17 Thread Jonathan McDowell
On Tue, Jun 18, 2002 at 12:07:56AM +0200, Rene Engelhard wrote: Paul Cupis wrote: Present a menu which enables you to do all key related tasks: revsig Revoke a signature. GnuPG asks for every

Re: GPG Key question

2002-06-17 Thread Stephen Stafford
On Tue, Jun 18, 2002 at 12:07:56AM +0200, Rene Engelhard wrote: Paul Cupis wrote: Present a menu which enables you to do all key related tasks: revsig Revoke a signature. GnuPG asks for every

Re: GPG Key question

2002-06-17 Thread Colin Watson
On Tue, Jun 18, 2002 at 12:07:56AM +0200, Rene Engelhard wrote: Paul Cupis wrote: So it looks like you can generate a revocation certificate for a particular signature. ^ Yes, you can revoke a _signature_. But that was not the question. He wanted to remove one of his _uid_'s.

Re: GPG Key question

2002-06-17 Thread B. L. Jilek
Hi Stephen! On Mon, 17 Jun 2002, Stephen Stafford wrote: On Tue, Jun 18, 2002 at 12:07:56AM +0200, Rene Engelhard wrote: Paul Cupis wrote: Present a menu which enables you to do all key related tasks: revsig Revoke a

Re: GPG Key question

2002-06-17 Thread Steve Langasek
On Mon, Jun 17, 2002 at 10:53:19PM -0400, B. L. Jilek wrote: Hi Stephen! On Mon, 17 Jun 2002, Stephen Stafford wrote: On Tue, Jun 18, 2002 at 12:07:56AM +0200, Rene Engelhard wrote: Paul Cupis wrote: Present a menu which enables you to do all key

GPG Key question

2002-06-16 Thread Duncan Findlay
My GPG key currently is: pub 1024D/6BE69CD0 2001-06-20 Duncan Findlay [EMAIL PROTECTED] sig 3 6BE69CD0 2002-05-12 Duncan Findlay [EMAIL PROTECTED] uid Duncan Findlay [EMAIL PROTECTED] sig 3 6BE69CD0 2001-09-22 Duncan Findlay [EMAIL PROTECTED] sig

gpg key validity question

2002-04-25 Thread christophe barbé
Hi, I wonder if it is acceptable to sign a key from someone that : - I meet him personally and saw his ID - I saw him in a public meeting in a specific role (We can consider he is well known) - I have a lot of public mails from him that are all signed But the key makes no references to his

Re: gpg key validity question

2002-04-25 Thread Steve Langasek
On Thu, Apr 25, 2002 at 10:04:20AM -0400, christophe barbé wrote: I wonder if it is acceptable to sign a key from someone that : - I meet him personally and saw his ID - I saw him in a public meeting in a specific role (We can consider he is well known) - I have a lot of public mails

Re: gpg key validity question

2002-04-25 Thread Chad Miller
On Thu, Apr 25, 2002 at 10:04:20AM -0400, christophe barbé wrote: I wonder if it is acceptable to sign a key from someone that : [irrelevant stuff] But the key makes no references to his name. In my understanding the ID is useless but I have enough element to believe he is the guy he

Re: gpg key validity question

2002-04-25 Thread christophe barbé
I forgot to mention that we exchanged encrypted secret words and that I check the fingerprint when I meet him. He use his email address in his gpg key but his email address is not related to his name. I am sure he is the guy behind the key. I started this thread because of the debian

Re: gpg key validity question

2002-04-25 Thread Remi VANICAT
christophe barbé [EMAIL PROTECTED] writes: I forgot to mention that we exchanged encrypted secret words and that I check the fingerprint when I meet him. He use his email address in his gpg key but his email address is not related to his name. I am sure he is the guy behind the key. I

Re: gpg key validity question

2002-04-25 Thread Steve Langasek
On Thu, Apr 25, 2002 at 10:56:31AM -0400, christophe barbé wrote: I forgot to mention that we exchanged encrypted secret words and that I check the fingerprint when I meet him. He use his email address in his gpg key but his email address is not related to his name. I am sure he

Re: gpg key validity question

2002-04-25 Thread christophe barbé
On Thu, Apr 25, 2002 at 10:04:39AM -0500, Steve Langasek wrote: I still don't understand what you mean by a 'without-ID key'. It's difficult to give you a clear answer unless you can give us tangible information. A PGP uid has three parts to it: a name, an email address, and a comment.

Re: gpg key validity question

2002-04-25 Thread christophe barbé
On Thu, Apr 25, 2002 at 10:11:25AM -0500, Steve Langasek wrote: Upon rereading, I see what you're asking here. You're worried that if you sign a uid that doesn't have his name on it, and he adds another uid later that does have a name on it (not necessarily his), this will mistakenly be

Re: gpg key validity question

2002-04-25 Thread christophe barbé
On Thu, Apr 25, 2002 at 10:50:43AM -0400, Chad Miller wrote: No! One doesn't really sign keys. One signs identification. If you meet someone, your goal is to match the picture ID with the face, and the name on the ID with the UID in the keyring. Just because we meet, and I show you an ID

Re: gpg key validity question

2002-04-25 Thread Steve Langasek
On Thu, Apr 25, 2002 at 11:20:30AM -0400, christophe barbé wrote: On Thu, Apr 25, 2002 at 10:11:25AM -0500, Steve Langasek wrote: Upon rereading, I see what you're asking here. You're worried that if you sign a uid that doesn't have his name on it, and he adds another uid later that does

Re: gpg key validity question

2002-04-25 Thread Andrew Suffield
On Thu, Apr 25, 2002 at 10:11:25AM -0500, Steve Langasek wrote: He use his email address in his gpg key but his email address is not related to his name. I am sure he is the guy behind the key. I started this thread because of the debian implication. I believe that from the pure

Re: gpg key validity question

2002-04-25 Thread Chad Miller
On Thu, Apr 25, 2002 at 11:22:50AM -0400, christophe barbé wrote: IDs are easily forged. I am sure of that since I have seen how it works To misquote Old Man Murray, it's better than relying on scent. IDs are the best thing we have for identifying the person's real name, and real names are

Re: gpg key validity question

2002-04-25 Thread Jason Lunz
[EMAIL PROTECTED] said: Should I sign his key ? No. Request that he adds an UID to his key with his name as it appears on his documents (the name that he would have in a international travel pass, for example), and sign THAT UID (and any others you have verified to be completely true). I

Re: gpg key validity question

2002-04-25 Thread Papa Smurf
On Thu, Apr 25, 2002 at 05:38:40PM -0400, Jason Lunz wrote: I think this needs more consideration. What is being signed into the trust web is an identity. That can (and should) be independent of real name. Why? Because there are people in the world who live in countries or situations where

Re: gpg key validity question

2002-04-25 Thread Henrique de Moraes Holschuh
On Thu, 25 Apr 2002, Jason Lunz wrote: trust web is an identity. That can (and should) be independent of real name. Why? Because there are people in the world who live in countries or situations where they cannot safely reveal their real life identity. Join the cDc then, but not Debian. --

Re: gpg key validity question

2002-04-25 Thread Steve Langasek
On Thu, Apr 25, 2002 at 10:04:20AM -0400, christophe barbé wrote: I wonder if it is acceptable to sign a key from someone that : - I meet him personally and saw his ID - I saw him in a public meeting in a specific role (We can consider he is well known) - I have a lot of public mails from

Re: gpg key validity question

2002-04-25 Thread Chad Miller
On Thu, Apr 25, 2002 at 10:04:20AM -0400, christophe barbé wrote: I wonder if it is acceptable to sign a key from someone that : [irrelevant stuff] But the key makes no references to his name. In my understanding the ID is useless but I have enough element to believe he is the guy he said

Re: gpg key validity question

2002-04-25 Thread christophe barbé
I forgot to mention that we exchanged encrypted secret words and that I check the fingerprint when I meet him. He use his email address in his gpg key but his email address is not related to his name. I am sure he is the guy behind the key. I started this thread because of the debian

Re: gpg key validity question

2002-04-25 Thread Steve Langasek
On Thu, Apr 25, 2002 at 10:56:31AM -0400, christophe barbé wrote: I forgot to mention that we exchanged encrypted secret words and that I check the fingerprint when I meet him. He use his email address in his gpg key but his email address is not related to his name. I am sure he is the guy

Re: gpg key validity question

2002-04-25 Thread Remi VANICAT
christophe barbé [EMAIL PROTECTED] writes: I forgot to mention that we exchanged encrypted secret words and that I check the fingerprint when I meet him. He use his email address in his gpg key but his email address is not related to his name. I am sure he is the guy behind the key. I

Re: gpg key validity question

2002-04-25 Thread christophe barbé
On Thu, Apr 25, 2002 at 10:04:39AM -0500, Steve Langasek wrote: I still don't understand what you mean by a 'without-ID key'. It's difficult to give you a clear answer unless you can give us tangible information. A PGP uid has three parts to it: a name, an email address, and a comment. What

Re: gpg key validity question

2002-04-25 Thread christophe barbé
On Thu, Apr 25, 2002 at 10:11:25AM -0500, Steve Langasek wrote: Upon rereading, I see what you're asking here. You're worried that if you sign a uid that doesn't have his name on it, and he adds another uid later that does have a name on it (not necessarily his), this will mistakenly be

Re: gpg key validity question

2002-04-25 Thread christophe barbé
On Thu, Apr 25, 2002 at 10:50:43AM -0400, Chad Miller wrote: No! One doesn't really sign keys. One signs identification. If you meet someone, your goal is to match the picture ID with the face, and the name on the ID with the UID in the keyring. Just because we meet, and I show you an ID

Re: gpg key validity question

2002-04-25 Thread Steve Langasek
On Thu, Apr 25, 2002 at 11:20:30AM -0400, christophe barbé wrote: On Thu, Apr 25, 2002 at 10:11:25AM -0500, Steve Langasek wrote: Upon rereading, I see what you're asking here. You're worried that if you sign a uid that doesn't have his name on it, and he adds another uid later that does

Re: gpg key validity question

2002-04-25 Thread Andrew Suffield
On Thu, Apr 25, 2002 at 10:11:25AM -0500, Steve Langasek wrote: He use his email address in his gpg key but his email address is not related to his name. I am sure he is the guy behind the key. I started this thread because of the debian implication. I believe that from the pure 'web

Re: gpg key validity question

2002-04-25 Thread Chad Miller
On Thu, Apr 25, 2002 at 11:22:50AM -0400, christophe barbé wrote: IDs are easily forged. I am sure of that since I have seen how it works To misquote Old Man Murray, it's better than relying on scent. IDs are the best thing we have for identifying the person's real name, and real names are

Re: gpg key validity question

2002-04-25 Thread Henrique de Moraes Holschuh
On Thu, 25 Apr 2002, christophe barbé wrote: But the key makes no references to his name. [...] Should I sign his key ? No. Request that he adds an UID to his key with his name as it appears on his documents (the name that he would have in a international travel pass, for example), and sign

Re: gpg key validity question

2002-04-25 Thread Jason Lunz
[EMAIL PROTECTED] said: Should I sign his key ? No. Request that he adds an UID to his key with his name as it appears on his documents (the name that he would have in a international travel pass, for example), and sign THAT UID (and any others you have verified to be completely true). I

Re: gpg key validity question

2002-04-25 Thread Papa Smurf
On Thu, Apr 25, 2002 at 05:38:40PM -0400, Jason Lunz wrote: I think this needs more consideration. What is being signed into the trust web is an identity. That can (and should) be independent of real name. Why? Because there are people in the world who live in countries or situations where

Re: gpg key validity question

2002-04-25 Thread Henrique de Moraes Holschuh
On Thu, 25 Apr 2002, Jason Lunz wrote: trust web is an identity. That can (and should) be independent of real name. Why? Because there are people in the world who live in countries or situations where they cannot safely reveal their real life identity. Join the cDc then, but not Debian. --
