GPG signatures

Tom Mitchell mitch48 at
Tue Dec 30 21:23:40 UTC 2003

On Tue, 30 Dec 2003, Trevor Smith wrote:
> Agreed. I'm tempted too. All my musings on how relevant signing is if
> you auto-download keys, I like the idea of everyone picking *some*
> "identity" and signing everything. 

This makes sense.  Not because the identity of individual
messages in a public place is important but because a change in
identity signals a potential problem.  There is still a question
about the life of a key and the process for updating to a new key
as all the up2date and yum troubles remind us.

BTW:  There are some quality posters in this group.  If one of
them posted a script that included some questionable command
(more subtle than "rm -r /") I might just go with it. If the
signature check failed then I would be my normal cautious self.

Yea, I suspect I will not use a digital signature on public lists
so that all my readers keep their cautious hat on.  ;-)

	T o m  M i t c h e l l
	mitch48 -a*t- yahoo-dot-com

More information about the users mailing list