> So i mean, sure, i can definitely imagine a company doing it the way you > describe. I just don't think it's a good business practice.
Unfortunately, the world doesn't much care what we think of as good business practices. And why should they? We're nerds -- we understand technology, perhaps, but odds are good few if any of us have ever sat at the CIO/CTO/CSO level. On what expertise do we declare it to be "not good business practice"? I agree that this is not the sort of business practice I would like to see, but I'm not willing to go out on the limb with you and to declare it a bad business practice. And regardless of whether it's a good practice or a bad one, I've worked in businesses that have done exactly this -- so it's a real-world example that demonstrates the occasional need for a third party to possess signing keys. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
