On Fri, Aug 01, 2008 at 12:07:34PM +0200, Martin Zobel-Helas wrote: > On Fri Aug 01, 2008 at 10:42:52 +0100, Neil Williams wrote: > > > On Sun, Jul 27, 2008 at 03:58:57PM +0100, Neil Williams wrote: > > > > > > * Reinhard Tartler [Wed, Jul 23 2008, 04:36:39PM]:
> > > > > >> > How about activating it the first time they send a gpg-signed > > > mail to > > > > > >> > the mail interface? > > > > How about simply allowing any DD to send gpg-signed email to add > > > ^^ > > > That requires LP to know who is or isn't a DD. Currently it has no > it does or at least it may. > rsync keyring.debian.org::keyrings/keyrings/debian-keyring.gpg > can be synced publicly Well, what trust path does that give us if LP uses rsync to copy the data? It would seem possible for someone to steal a DD's LP account then by MITM'ing this rsync. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ [EMAIL PROTECTED] [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
