On Wed, 2013-08-21 at 16:53 +0200, Jochen Spieker wrote: > Ralf Mardorf: > No. Just because a keyserver happens to serve some key that does not > mean the key is valid.
But if I upload a key it neither would have the same fingerprint, nor fit to the packages. So I must upload a key and then hack the package to do something evil. Sure, if the multimedia guys do something evil, than no key will add security. The key only should ensure that the package is a package from multimedia. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/1377111884.709.16.camel@archlinux
