Re: Removing < 2048 bit keys from the Debian keyrings

2014-09-07 Thread Gunnar Wolf
peter green wrote [Sun, Aug 31, 2014 at 01:27:11PM +0100]: > Jonathan McDowell wrote: > >I would ask that DDs make some effort to help > >those with weak keys get their new, stronger keys signed. Please sign > >responsibly[4], > If you have signed someone's old key is it considered "responsible" > to

Re: Removing < 2048 bit keys from the Debian keyrings

2014-09-03 Thread Manoj Srivastava
On Tue, Sep 02 2014, Manoj Srivastava wrote: > On Tue, Sep 02 2014, Jeremy T. Bouse wrote: > > >> I don't know how the *-cert-level options in gpg/gpg2 match up with >> that section RFC480. Actually reading the sections in the man pages it >> reads very differently. > > I stand correc

Re: Removing < 2048 bit keys from the Debian keyrings

2014-09-02 Thread Manoj Srivastava
On Tue, Sep 02 2014, Jeremy T. Bouse wrote: > I don't know how the *-cert-level options in gpg/gpg2 match up with > that section RFC480. Actually reading the sections in the man pages it > reads very differently. I stand corrected. Now I just need to figure out how to resign the k

Re: Removing < 2048 bit keys from the Debian keyrings

2014-09-02 Thread Jeremy T. Bouse
On 09/02/2014 12:28 PM, Manoj Srivastava wrote: > On Tue, Sep 02 2014, Matthias Urlichs wrote: > >> there's a GPG option (via the *-cert-level options, see 'man gpg') >> to state how carefully you did verify their identity, but ultimately >> it's up to you. > > That is not how I inter

Re: Removing < 2048 bit keys from the Debian keyrings

2014-09-02 Thread Ansgar Burchardt
Manoj Srivastava writes: > On Tue, Sep 02 2014, Matthias Urlichs wrote: >> there's a GPG option (via the *-cert-level options, see 'man gpg') >> to state how carefully you did verify their identity, but ultimately >> it's up to you. > > That is not how I interpreted that option to mean

Re: Removing < 2048 bit keys from the Debian keyrings

2014-09-02 Thread Manoj Srivastava
On Tue, Sep 02 2014, Matthias Urlichs wrote: > there's a GPG option (via the *-cert-level options, see 'man gpg') > to state how carefully you did verify their identity, but ultimately > it's up to you. That is not how I interpreted that option to mean. ,[ http://tools.ietf.org/h

Re: Removing < 2048 bit keys from the Debian keyrings

2014-09-02 Thread Matthias Urlichs
Hi, Jakub Wilk: > Do you have any non-joke documentation about signing responsibly? > Signing a key is equivalent to saying that you think that the key belongs to a particular individual and/or identity. Whether that means "I regularly hang out with them at DebConf" or "I met them in a keysignin

Re: Removing < 2048 bit keys from the Debian keyrings

2014-09-02 Thread Andreas Tille
On Sun, Aug 31, 2014 at 11:07:43AM -0700, Stefano Zacchiroli wrote: > On Sun, Aug 31, 2014 at 01:27:11PM +0100, peter green wrote: > > If you have signed someone's old key is it considered "responsible" to > > sign their new key based on a transition statement signed by the old > > key? or is a new

Re: Removing < 2048 bit keys from the Debian keyrings

2014-08-31 Thread Holger Levsen
Hi, On Sunday, 31 August 2014, peter green wrote: > My understanding is that the NSA and similar organisations can probably > crack 1024 bit keys but the cost of doing so (assuming there hasn't been > some secret mathematical breakthrough) is likely sufficiently high that > it would be cheaper

Re: Removing < 2048 bit keys from the Debian keyrings

2014-08-31 Thread Jakub Wilk
* Jonathan McDowell , 2014-08-31, 04:31: Please sign responsibly[4], [...] [4] http://xkcd.com/364/ Do you have any non-joke documentation about signing responsibly? -- Jakub Wilk

Re: Removing < 2048 bit keys from the Debian keyrings

2014-08-31 Thread Stefano Zacchiroli
On Sun, Aug 31, 2014 at 01:27:11PM +0100, peter green wrote: > If you have signed someone's old key is it considered "responsible" to > sign their new key based on a transition statement signed by the old > key? or is a new face-to-face meeting required? I've seen plenty of > (sometimes conflicting)

Re: Removing < 2048 bit keys from the Debian keyrings

2014-08-31 Thread peter green
Jonathan McDowell wrote: I would ask that DDs make some effort to help those with weak keys get their new, stronger keys signed. Please sign responsibly[4], If you have signed someone's old key is it considered "responsible" to sign their new key based on a transition statement signed by the old