Michael Pobega writes: > Is it a bad practice to verify keyrings of people on the mailing list, or > is it better to wait until I meet up with some of them at say Debconf or > something similar?
Depends on what you mean by "verify". There is nothing wrong with downloading their public keys and using them to verify that all the messages purporting to come from them are indeed signed with the same key and so probably did come from the same person. However, you should not sign someone's key unless you have met them, interviewed them, and examined and verified their credentials. -- John Hasler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
