On Wed, 2002-09-25 at 21:27, Volker Quetschke wrote: > Hi Robert, > > Right, well I'll happily run generate checksums of what I download, and > > if the poster to here posts the expected checksums, in a gpg signed > > message, then we can be fairly sure that whomever sent the email, > > created the package files. > > > > Generating trust in a specific GPG signature takes time or a web of > > trust, and is a related-but-separate discussion. I think that my GPG key > > is well associated with me by now :] (Either that, or a very persistence > > mimic :};}). One way would be for maintainers to follow a similar > > approach and consistently sign their emails. YMMV.
> yes, but I need your public key to verify that you are really YOU. > > Where did you put your public key, I tried some keyservers but couldn't > find you. Many "Robert Collins", but not with [EMAIL PROTECTED] . Ah yes, I had not uploaded a recent copy with the appropriate subkeys. I've uploaded a new version, should replicate shortly :}. [EMAIL PROTECTED] is the primary email on the old copy, if you want to grab that. Also, you could try keyserver-options auto-key-retrieve in your gnupg options file, I find it very useful. Cheers, Rob
signature.asc
Description: This is a digitally signed message part
