-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Apr 01, 2007 at 10:16:10PM -0400, cga2000 wrote:
> On Sun, Apr 01, 2007 at 08:32:19PM EDT, Michael Pobega wrote:
> > On Sun, Apr 01, 2007 at 07:09:55PM -0500, John Hasler wrote:
> > > Michael Pobega writes:
> > > > Is it a bad practice to verify keyrings of people on the mailing
> > > > list, or is it better to wait until I meet up with some of them
> > > > at say Debconf or something similar?
> > >
> > > Depends on what you mean by "verify". There is nothing wrong with
> > > downloading their public keys and using them to verify that all the
> > > messages purporting to come from them are indeed signed with the
> > > same key and so probably did come from the same person. However,
> > > you should not sign someone's key unless you have met them,
> > > interviewed them, and examined and verified their credentials.
> > >
> >
> > What exactly is signing a key, and how does it work?
> >
> > I'd Google it...but I wouldn't know where to start.
>
> When I can't think of the right keywords to google for straight answers
> I usually enter "wiki subject" (with a few variations) on the "advanced
> search" screen until I pull out stuff that looks vaguely promising ..
> read a few articles .. follow a few links .. etc. try to acquire a bit
> of background .. jot down a few buzzwords .. then get back to google
> with a better idea what I'm looking for .. start over .. etc.
>
> Not a magic bullet .. time-consuming .. but in my case this approach
> has proved fairly helpful so far.
>
Now I'm afraid.

http://en.wikipedia.org/wiki/Key_signing_party
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGEGut/o7Q/FCvPe0RAuHmAJ9FHBhgMYeUjggUrTmyujVuMkHJ9QCgjicV
/A3GVfL3wnGpltjlNMd89bY=
=Ijdj
-----END PGP SIGNATURE-----
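The check John Hasler describes in the quoted text (are the posts claiming to come from one person all signed with the same key?) starts with reading the issuer key ID out of each message's signature packet. The Python below is an added example, not part of the original thread; its function names are hypothetical, and it goes beyond this message's v3 signature by also handling v4 packets with an Issuer subpacket. The key ID is only a claim inside the packet: it tells you which public key to fetch, and `gpg --verify` against that key is what actually checks the signature.

```python
import base64, re

# Signature block of the message above, armor line breaks restored.
PAGE_SIG = """-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGEGut/o7Q/FCvPe0RAuHmAJ9FHBhgMYeUjggUrTmyujVuMkHJ9QCgjicV
/A3GVfL3wnGpltjlNMd89bY=
=Ijdj
-----END PGP SIGNATURE-----"""

def signature_body(text):
    """Dearmor the first PGP SIGNATURE block; return the packet body."""
    m = re.search(r"-----BEGIN PGP SIGNATURE-----\n(.*?)\n-----END PGP SIGNATURE-----", text, re.S)
    if not m:
        raise ValueError("no signature block")
    payload = m.group(1).split("\n\n", 1)[-1]      # skip armor headers
    raw = base64.b64decode("".join(l for l in payload.split() if l[0] != "="))  # drop CRC line
    if raw[0] & 0xFE != 0x88:     # old-format tag 2 with 1- or 2-octet length
        raise ValueError("unsupported packet header")
    n = 1 + (raw[0] & 1)
    return raw[1 + n:1 + n + int.from_bytes(raw[1:1 + n], "big")]

def issuer_key_id(text):
    """Key ID the signature names as issuer (unauthenticated metadata)."""
    b = signature_body(text)
    if b[0] == 3:                                  # v3: fixed offsets
        return b[7:15].hex().upper()
    if b[0] != 4:
        raise ValueError("unsupported signature version")
    hashed = int.from_bytes(b[4:6], "big")
    unhashed = int.from_bytes(b[6 + hashed:8 + hashed], "big")
    for area in (b[6:6 + hashed], b[8 + hashed:8 + hashed + unhashed]):
        i = 0
        while i < len(area):                       # walk v4 subpackets
            n, i = area[i], i + 1
            if 192 <= n < 255:
                n, i = ((n - 192) << 8) + area[i] + 192, i + 1
            elif n == 255:
                n, i = int.from_bytes(area[i:i + 4], "big"), i + 4
            if area[i] & 0x7F == 16:               # Issuer subpacket
                return area[i + 1:i + 9].hex().upper()
            i += n
    raise ValueError("no issuer subpacket")

def claimed_signers(messages):
    """Count messages per claimed key ID; one key means a consistent signer."""
    ids = [issuer_key_id(m) for m in messages]
    return {k: ids.count(k) for k in set(ids)}
```

Run over a sender's archived posts, `claimed_signers` returning more than one key ID is the cue to look closer before trusting that the posts share an author.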

