Hi Robert, > Right, well I'll happily run generate checksums of what I download, and > if the poster to here posts the expected checksums, in a gpg signed > message, then we can be fairly sure that whomever sent the email, > created the package files. > > Generating trust in a specific GPG signature takes time or a web of > trust, and is a related-but-separate discussion. I think that my GPG key > is well associated with me by now :] (Either that, or a very persistence > mimic :};}). One way would be for maintainers to follow a similar > approach and consistently sign their emails. YMMV. yes, but I need your public key to verify that you are really YOU.
Where did you put your public key, I tried some keyservers but couldn't
find you. Many "Robert Collins", but not with [EMAIL PROTECTED] .
Bye
Volker
--
PGP/GPG key (ID: 0x9F8A785D) available from wwwkeys.de.pgp.net
key-fingerprint 550D F17E B082 A3E9 F913 9E53 3D35 C9BA 9F8A 785D
msg09754/pgp00000.pgp
Description: PGP signature
