On Sun, 2010-08-22 at 23:56 +0200, Christoph Anton Mitterer wrote: > On Sun, 2010-08-22 at 14:48 -0700, C.J. Adams-Collier KF7BMP wrote: > > It was published on a CD, signed by Philipp Kern <pk...@debian.org>, a > > Debian Developer whose identity was verified in person by another DD: > And you believe that Philipp has met officials for all the CAs included > in the Mozilla bundle and verified them?
He explicitly states that he has not audited them. > > Mozilla itself just takes them from WebTrust, IIRC,... and we've already > seen recently how securely Mozilla handles this (when they've had a CA > included, from which they didn't even know to whom it belongs). http://www.mozilla.org/projects/security/certs/policy/ > Nevertheless.... I still don't understand what you actually want. The output of the following would be sufficient: $ echo "hello world" | gpg --digest-algo sha256 --clearsign
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel
