On Fri, Aug 01, 2008 at 08:32:52AM -0700, Steve Langasek wrote: > On Fri, Aug 01, 2008 at 12:07:34PM +0200, Martin Zobel-Helas wrote: > > rsync keyring.debian.org::keyrings/keyrings/debian-keyring.gpg > > can be synced publicly > > Well, what trust path does that give us if LP uses rsync to copy the data? > It would seem possible for someone to steal a DD's LP account then by > MITM'ing this rsync. There's an md5sums.txt file included in the rsync (keyrings/md5sums.txt) that will either be signed by me (5B430367) or James Troup (AB2A91F5).
J. -- 101 things you can't have too much of : 11 - Coffee. This .sig brought to you by the letter J and the number 47 Product of the Republic of HuggieTag -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
