size too small. Need at least 4096 bits.`
>
> Has anyone got a suggestion on what the best next step to take is?
>
> [1]
> https://salsa.debian.org/debian-keyring/keyring/-/blob/master/debian-maintainers-gpg/0x03A1FB7A1904771B
Mentors tries to enforce strong GPG key for newcomers,
Hi all,
After a little inactivty uploading to mentors.debian.net (I've been working on
packages I've got upload rights on), I had a new package rejected with the
following error yesterday.
`Unable to verify file fbb_7.010-1_source.changes. No public key found for key
473487E7AA5AFB305FADED4089
On Thu, May 02, 2019 at 06:56:53AM +0200, Mechtilde wrote:
> Am 01.05.19 um 23:53 schrieb Tong Sun:
> > On Wed, May 1, 2019 at 3:50 PM Shreyas Bapat wrote:
> >> I made a stop for good, and departed from the train station in a very
> >> little time towards the destination. :)
> >
> > , I view such
Hi all,
I am really sorry if I posted something inappropriate in the mailing list.
Although I got everything to work and took the response of Geert very
positively.
I am really sorry of I caused some trouble!
Thankyou
Shreyas
On Thu, May 2, 2019 at 12:26 PM Andrey Rahmatullin wrote:
> On Th
On Thu, May 02, 2019 at 08:49:56AM +0200, Dominik George wrote:
> >To show where you can find the information is more helpful than to one
> >specific inforamtion.
>
> Except that the needed information - how to get debsign to find the correct
> key - cannot be found where the newcomer was pointed
>To show where you can find the information is more helpful than to one
>specific inforamtion.
Except that the needed information - how to get debsign to find the correct key
- cannot be found where the newcomer was pointed.
-nik
Hello,
Am 01.05.19 um 23:53 schrieb Tong Sun:
> On Wed, May 1, 2019 at 3:50 PM Shreyas Bapat wrote:
>
>> I made a stop for good, and departed from the train station in a very little
>> time towards the destination. :)
>
> , I view such departure as the result of poking fun at the
> new-comers,
On 5/1/19 6:53 PM, Tong Sun wrote:
> On Wed, May 1, 2019 at 3:50 PM Shreyas Bapat wrote:
>
>> I made a stop for good, and departed from the train station in a very little
>> time towards the destination. :)
> , I view such departure as the result of poking fun at the
> new-comers, instead of giv
On Wed, May 1, 2019 at 3:50 PM Shreyas Bapat wrote:
> I made a stop for good, and departed from the train station in a very little
> time towards the destination. :)
, I view such departure as the result of poking fun at the
new-comers, instead of giving them direct answers -- direct answers
lik
I made a stop for good, and departed from the train station in a very
little time towards the destination. :)
Thanks a lot Geert!
With Warm Regards,
Shreyas Bapat
IIT Mandi
Ph: (+91) 97362-10570
Email: b16...@students.iitmandi.ac.in
Web: https://students.iitmandi.ac.in/~b16145/
On Thu, May 2,
On Thu, May 02, 2019 at 12:00:05AM +0530, Shreyas Bapat wrote:
> Hi,
>
> I am packaging einsteinpy for debian.
> And I am facing this issue. Can someone please help?
>
> Now signing changes and any dsc files...
> signfile dsc einsteinpy_0.1.0+dfsg-1.dsc Shreyas Bapat <
> bapat.shre...@gmail.com>
Hi,
I am packaging einsteinpy for debian.
And I am facing this issue. Can someone please help?
Now signing changes and any dsc files...
signfile dsc einsteinpy_0.1.0+dfsg-1.dsc Shreyas Bapat <
bapat.shre...@gmail.com>
gpg: skipped "Shreyas Bapat ": No secret key
gpg: /tmp/debsign.KQeyHXXA/einste
On Sun, 2016-07-10 at 18:39 -0400, Paul Elliott wrote:
> I am looking at upgrading my gpg key.
>
> What parameters should I use?
[1] has a guide which options to use to make sure that you use strong
hashes for the (self-)signatures on your key. I'm not sure if GnuPG
upstream has
Hi,
>I am looking at upgrading my gpg key.
>
>What parameters should I use?
>
>Is there a standard way to get all the people that signed
>the old key to sign the new key?
some general answering should tell that it is up to the developers to
sign the new one, or ask you
On 2016-07-10 at 22:53:46 +, Sean Whitton wrote:
> - https://debian-administration.org/users/dkg/weblog/48
> - https://help.riseup.net/en/security/message-security/openpgp/best-practices
> - the hopenpgp-tools package to check your key -- very useful!
I would also recommend:
https://wiki.debi
Hello,
On Sun, Jul 10, 2016 at 06:39:27PM -0400, Paul Elliott wrote:
> I am looking at upgrading my gpg key.
>
> What parameters should I use?
Do you mean increasing the key length, or other stuff too?
For the other stuff, here are some nice links:
- https://debian-administration.org/
I am looking at upgrading my gpg key.
What parameters should I use?
Is there a standard way to get all the people that signed
the old key to sign the new key?
Thank You.
--
Paul Elliott 1(512)837-1096
pelli...@blackpatchpanel.com 3300 Plaza Drive
If you still need your GPG key signed by two Debian
Developers and live near enough to get to Blacksburg,
Virginia, then DDs Jon Bernard and Thaddeus H. Black
will sign your key there March 25. Feel free to attend.
We would be pleased to have you.
Date: Tues., March 25, 2014
Time: 4:30 p.m
Le Thu, Sep 24, 2009 at 11:49:26PM +0400, Alexander Inyukhin a écrit :
>
> My old GPG key is getting expired soon, so I create a new one
> following instructions described in [1], and I upload it to d.m.n.
> Should I re-upload my package now? Should I increment a version
> number
Hello!
My old GPG key is getting expired soon, so I create a new one
following instructions described in [1], and I upload it to d.m.n.
Should I re-upload my package now? Should I increment a version
number of the package and post a new RFS?
Thanks.
[1] http://www.debian-administration.org
Il giorno Wed, 20 Feb 2008 22:08:57 +0530
Kapil Hari Paranjape <[EMAIL PROTECTED]> ha scritto:
> Its a while since I played around with GPG but IIRC, the sub-keys are
> signed (and thus revoked) by the signing key. So having access to the
> signing key ought to be enough to generate a revocation c
Hello David,
On Wed, 20 Feb 2008, David Paleino wrote:
> I've somehow lost my private key for encryption. That is, I can sign anything,
> also encrypt, but not decrypt anything encrypted with my key.
>
> I've already added a new encryption sub-key (and works), but having lost the
> private part f
Il giorno Wed, 20 Feb 2008 21:39:17 +0530
Kapil Hari Paranjape <[EMAIL PROTECTED]> ha scritto:
> Hello,
Hi Kapil,
> The only real reason to revoke the primary GPG key would be when
> there are security concerns about it like:
> 1. You feel that you have chosen a key
Hello,
On Wed, 20 Feb 2008, David Paleino wrote:
> is there any procedure to follow in case one needs to revoke his GPG key (thus
> creating a new one)?
>
> I mean, I have some packages in Debian, which are signed by my current key
> (0x1392B174). Is it sufficient to start signi
On Wed, Feb 20, 2008 at 04:23:03PM +0100, David Paleino wrote:
> is there any procedure to follow in case one needs to revoke his GPG
> key (thus creating a new one)?
>
> I mean, I have some packages in Debian, which are signed by my current
> key (0x1392B174).
Packages in Debian
Hi all,
is there any procedure to follow in case one needs to revoke his GPG key (thus
creating a new one)?
I mean, I have some packages in Debian, which are signed by my current key
(0x1392B174). Is it sufficient to start signing new packages with my new key?
I've also applied NM, but I&#x
Hi Mihai,
Remember, i offered to sign your key if you come to Timisoara.
Cheers,
Radu
Mihai Felseghi wrote:
> Hello my name is Mihai Felseghi and I write this message to you
> because I didm't find a Debian Developer near me to sign my key ,so I
> don't know how to get it signed.So please tell
I live in Romania Arad county to be precised and I could not find a DD
near me and meet him in person that's why I wrotethis message to th
list to find out how I can get the key signed.
PS: And yes I want to become a DD and I already addopted 2 packages
and packaged the third.
On 6/22/06, Bas Wij
On Thu, Jun 22, 2006 at 04:54:03PM +0300, Mihai Felseghi wrote:
> Hello my name is Mihai Felseghi and I write this message to you
> because I didm't find a Debian Developer near me to sign my key ,so I
> don't know how to get it signed.So please tell me what to do to get my
> key signed?
Hi,
It
Hello my name is Mihai Felseghi and I write this message to you
because I didm't find a Debian Developer near me to sign my key ,so I
don't know how to get it signed.So please tell me what to do to get my
key signed?
All the best!
Mihai Felseghi.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
w
Hallo Thomas,
* Thomas Viehmann <[EMAIL PROTECTED]> [2004-03-11 20:16]:
> I know that this is not strictly debian related (he, but I found out
> looking at my qa.d.o page): My gpg key seems to have been removed from
> the public servers (e.g. pgp.earth.li) recently. Does anyone
On Thu, Mar 11, 2004 at 06:12:21PM +0100, Thomas Viehmann wrote:
> I know that this is not strictly debian related (he, but I found out
> looking at my qa.d.o page): My gpg key seems to have been removed from
> the public servers (e.g. pgp.earth.li) recently. Does anyone know why
>
Hallo Thomas,
* Thomas Viehmann <[EMAIL PROTECTED]> [2004-03-11 20:16]:
> I know that this is not strictly debian related (he, but I found out
> looking at my qa.d.o page): My gpg key seems to have been removed from
> the public servers (e.g. pgp.earth.li) recently. Does anyone
Hi.
I know that this is not strictly debian related (he, but I found out
looking at my qa.d.o page): My gpg key seems to have been removed from
the public servers (e.g. pgp.earth.li) recently. Does anyone know why
such things happen?
Kind regards
Thomas
--
Thomas Viehmann, <http://beamnet
On Thu, Mar 11, 2004 at 06:12:21PM +0100, Thomas Viehmann wrote:
> I know that this is not strictly debian related (he, but I found out
> looking at my qa.d.o page): My gpg key seems to have been removed from
> the public servers (e.g. pgp.earth.li) recently. Does anyone know why
>
Hi.
I know that this is not strictly debian related (he, but I found out
looking at my qa.d.o page): My gpg key seems to have been removed from
the public servers (e.g. pgp.earth.li) recently. Does anyone know why
such things happen?
Kind regards
Thomas
--
Thomas Viehmann, <http://beamnet
> > I was recently accepted as a Debian developer. Among the first things I
>
> con-gratulations! :-)
Yup... Long process, big satisfaction! ;-)
> > understand I should do is to update my GPG key in order to include my
> > debian.org address - But I suppose this identit
Gunnar Wolf <[EMAIL PROTECTED]> schrieb am Mon, Apr 21, 2003 at 06:07:36PM
-0500:
> I was recently accepted as a Debian developer. Among the first things I
con-gratulations! :-)
> understand I should do is to update my GPG key in order to include my
> debian.org address - But
Gunnar Wolf wrote:
> I was recently accepted as a Debian developer. Among the first things I
> understand I should do is to update my GPG key in order to include my
> debian.org address - But I suppose this identity must then be signed by
> other members of Debian, right? I understa
Hi,
I was recently accepted as a Debian developer. Among the first things I
understand I should do is to update my GPG key in order to include my
debian.org address - But I suppose this identity must then be signed by
other members of Debian, right? I understand the tight requirements for
the
Hi Jörgen,
On Mon, Feb 24, 2003 at 03:16:06PM +0100, Jörgen Hägg wrote:
> (I'm asking this because I want to be really sure that my key
> still works after the current expire date, there has been a lot
> of key-discussions, expiration date and such.)
> My key is about to expire in a few month
(I'm asking this because I want to be really sure that my key
still works after the current expire date, there has been a lot
of key-discussions, expiration date and such.)
My key is about to expire in a few months, is it
enough to update the expiration date and submit it to the key server?
Do
Hi Jörgen,
On Mon, Feb 24, 2003 at 03:16:06PM +0100, Jörgen Hägg wrote:
> (I'm asking this because I want to be really sure that my key
> still works after the current expire date, there has been a lot
> of key-discussions, expiration date and such.)
> My key is about to expire in a few months,
(I'm asking this because I want to be really sure that my key
still works after the current expire date, there has been a lot
of key-discussions, expiration date and such.)
My key is about to expire in a few months, is it
enough to update the expiration date and submit it to the key server?
Do
On Wed, Dec 04, 2002 at 08:12:37PM +0100, Michael Banck wrote:
> On Wed, Dec 04, 2002 at 11:09:09AM -0800, Osamu Aoki wrote:
> > I do not want to make life any harder for the people signing my GPG key
> > either.
>
> It's a reasonable thing to check whether an email
On Wed, Dec 04, 2002 at 11:09:09AM -0800, Osamu Aoki wrote:
> I do not want to make life any harder for the people signing my GPG key
> either.
It's a reasonable thing to check whether an email-address is valid
before signing it IMHO.
Michael
--
we should propose to rename the FSG
ands them are true.
Sure I agree in your point of due dilligence. (I said "a bit".)
I do not want to make life any harder for the people signing my GPG key
either.
I think question was not well formed and discussion is drifting away. I
started different thread to address my real quest
Osamu Aoki wrote:
> On Wed, Dec 04, 2002 at 03:05:57AM +0100, Rene Engelhard wrote:
> > > which have that address in it.
> >
> > I sign a uid when these uid's address is not bouncing and the person who
> > claims to belong to this key answers a message encrypted to him sent
> > to the specific uid
On Wed, Dec 04, 2002 at 08:12:37PM +0100, Michael Banck wrote:
> On Wed, Dec 04, 2002 at 11:09:09AM -0800, Osamu Aoki wrote:
> > I do not want to make life any harder for the people signing my GPG key
> > either.
>
> It's a reasonable thing to check whether an email
On Wed, Dec 04, 2002 at 11:09:09AM -0800, Osamu Aoki wrote:
> I do not want to make life any harder for the people signing my GPG key
> either.
It's a reasonable thing to check whether an email-address is valid
before signing it IMHO.
Michael
--
we should propose to rename the FSG
ands them are true.
Sure I agree in your point of due dilligence. (I said "a bit".)
I do not want to make life any harder for the people signing my GPG key
either.
I think question was not well formed and discussion is drifting away. I
started different thread to address my real quest
Osamu Aoki wrote:
> On Wed, Dec 04, 2002 at 03:05:57AM +0100, Rene Engelhard wrote:
> > > which have that address in it.
> >
> > I sign a uid when these uid's address is not bouncing and the person who
> > claims to belong to this key answers a message encrypted to him sent
> > to the specific uid
On Tue, Dec 03, 2002 at 07:26:48PM -0800, Richard A. Hecker wrote:
> Oohara Yuuma wrote:
>
> > When signing a GPG key, is it better to sign all of its uids, or
> > just an uid that I see relevant (such as the @debian.org one)?
> > I usually meet someone, get a hardcop
Hi,
On Wed, Dec 04, 2002 at 03:05:57AM +0100, Rene Engelhard wrote:
> Hi,
>
> Oohara Yuuma wrote:
> > When signing a GPG key, is it better to sign all of its uids, or
> > just an uid that I see relevant (such as the @debian.org one)?
> > I usually meet someone
Oohara Yuuma wrote:
> When signing a GPG key, is it better to sign all of its uids, or
> just an uid that I see relevant (such as the @debian.org one)?
> I usually meet someone, get a hardcopy of the key fingerprint,
> the e-mail address and so on, then check it later and sign the
On Tue, Dec 03, 2002 at 07:26:48PM -0800, Richard A. Hecker wrote:
> Oohara Yuuma wrote:
>
> > When signing a GPG key, is it better to sign all of its uids, or
> > just an uid that I see relevant (such as the @debian.org one)?
> > I usually meet someone, get a hardcop
Hi,
Oohara Yuuma wrote:
> When signing a GPG key, is it better to sign all of its uids, or
> just an uid that I see relevant (such as the @debian.org one)?
> I usually meet someone, get a hardcopy of the key fingerprint,
> the e-mail address and so on, then check it later and sign the
Hi,
On Wed, Dec 04, 2002 at 03:05:57AM +0100, Rene Engelhard wrote:
> Hi,
>
> Oohara Yuuma wrote:
> > When signing a GPG key, is it better to sign all of its uids, or
> > just an uid that I see relevant (such as the @debian.org one)?
> > I usually meet someone
Oohara Yuuma wrote:
> When signing a GPG key, is it better to sign all of its uids, or
> just an uid that I see relevant (such as the @debian.org one)?
> I usually meet someone, get a hardcopy of the key fingerprint,
> the e-mail address and so on, then check it later and sign the
When signing a GPG key, is it better to sign all of its uids, or
just an uid that I see relevant (such as the @debian.org one)?
I usually meet someone, get a hardcopy of the key fingerprint,
the e-mail address and so on, then check it later and sign the uid
which have that address in it
Hi,
Oohara Yuuma wrote:
> When signing a GPG key, is it better to sign all of its uids, or
> just an uid that I see relevant (such as the @debian.org one)?
> I usually meet someone, get a hardcopy of the key fingerprint,
> the e-mail address and so on, then check it later and sign the
When signing a GPG key, is it better to sign all of its uids, or
just an uid that I see relevant (such as the @debian.org one)?
I usually meet someone, get a hardcopy of the key fingerprint,
the e-mail address and so on, then check it later and sign the uid
which have that address in it
Hi Steve!
On Mon, 17 Jun 2002, Steve Langasek wrote:
> On Mon, Jun 17, 2002 at 10:53:19PM -0400, B. L. Jilek wrote:
> > Hi Stephen!
>
> > On Mon, 17 Jun 2002, Stephen Stafford wrote:
>
> > > On Tue, Jun 18, 2002 at 12:07:56AM +0200, Rene Engelhard wrote:
> > > > Paul Cupis wrote:
> > > > >
On Mon, Jun 17, 2002 at 10:53:19PM -0400, B. L. Jilek wrote:
> Hi Stephen!
> On Mon, 17 Jun 2002, Stephen Stafford wrote:
> > On Tue, Jun 18, 2002 at 12:07:56AM +0200, Rene Engelhard wrote:
> > > Paul Cupis wrote:
> > > > Present a menu which enables you to do all key
> > > >
Hi Stephen!
On Mon, 17 Jun 2002, Stephen Stafford wrote:
> On Tue, Jun 18, 2002 at 12:07:56AM +0200, Rene Engelhard wrote:
> > Paul Cupis wrote:
> > > Present a menu which enables you to do all key
> > > related tasks:
> > >
> > > revsigRe
On Tue, Jun 18, 2002 at 12:07:56AM +0200, Rene Engelhard wrote:
> Paul Cupis wrote:
> > So it looks like you can generate a revokation certificate for a particular
> > signature.
> ^
>
> Yes, you can revoke a _signature_. But that was not the question. He
> wanted to remove one of his _
On Tue, Jun 18, 2002 at 12:07:56AM +0200, Rene Engelhard wrote:
> Paul Cupis wrote:
> > Present a menu which enables you to do all key
> > related tasks:
> >
> > revsigRevoke a signature. GnuPG asks for
> >eve
On Tue, Jun 18, 2002 at 12:07:56AM +0200, Rene Engelhard wrote:
> Paul Cupis wrote:
> > Present a menu which enables you to do all key
> > related tasks:
> >
> > revsigRevoke a signature. GnuPG asks for
> >eve
Paul Cupis wrote:
> Present a menu which enables you to do all key
> related tasks:
>
> revsigRevoke a signature. GnuPG asks for
>every signature which has been done by
>one of the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Monday 17 June 2002 19:02, Bill Jonas wrote:
> On Mon, Jun 17, 2002 at 07:21:39PM +0200, Rene Engelhard wrote:
> > Deleting uids IIRC is *not* possible, it can be that it reappears
> > through the synching of the keyservers.
>
> I *think* it's possi
On Mon, Jun 17, 2002 at 07:21:39PM +0200, Rene Engelhard wrote:
> Deleting uids IIRC is *not* possible, it can be that it reappears
> through the synching of the keyservers.
I *think* it's possible to generate a revocation certificate, though,
for just one UID. I'm not entirely sure, though.
--
Duncan Findlay wrote:
> However, [EMAIL PROTECTED] is no longer a valid e-mail address. Should I
> delete the uid, even though it is the only signed uid, or should I
> leave it, even though the e-mail is not valid?
Deleting uids IIRC is *not* possible, it can be that it reappears
through the synch
My GPG key currently is:
pub 1024D/6BE69CD0 2001-06-20 Duncan Findlay <[EMAIL PROTECTED]>
sig 3 6BE69CD0 2002-05-12 Duncan Findlay <[EMAIL PROTECTED]>
uidDuncan Findlay <[EMAIL PROTECTED]>
sig 3 6BE69CD0 2001-09-22 Duncan Findlay
On Thu, 25 Apr 2002, Jason Lunz wrote:
> trust web is an "identity". That can (and should) be independent of real
> name. Why? Because there are people in the world who live in countries
> or situations where they cannot safely reveal their real life identity.
Join the cDc then, but not Debian.
-
On Thu, Apr 25, 2002 at 05:38:40PM -0400, Jason Lunz wrote:
> I think this needs more consideration. What is being signed into the
> trust web is an "identity". That can (and should) be independent of real
> name. Why? Because there are people in the world who live in countries
> or situations wher
[EMAIL PROTECTED] said:
>> Should I sign his key ?
>
> No. Request that he adds an UID to his key with his name as it appears on
> his documents (the name that he would have in a international travel pass,
> for example), and sign THAT UID (and any others you have verified to be
> completely true)
On Thu, 25 Apr 2002, Jason Lunz wrote:
> trust web is an "identity". That can (and should) be independent of real
> name. Why? Because there are people in the world who live in countries
> or situations where they cannot safely reveal their real life identity.
Join the cDc then, but not Debian.
On Thu, Apr 25, 2002 at 05:38:40PM -0400, Jason Lunz wrote:
> I think this needs more consideration. What is being signed into the
> trust web is an "identity". That can (and should) be independent of real
> name. Why? Because there are people in the world who live in countries
> or situations whe
[EMAIL PROTECTED] said:
>> Should I sign his key ?
>
> No. Request that he adds an UID to his key with his name as it appears on
> his documents (the name that he would have in a international travel pass,
> for example), and sign THAT UID (and any others you have verified to be
> completely true
On Thu, 25 Apr 2002, christophe barbé wrote:
> But the key makes no references to his name.
[...]
> Should I sign his key ?
No. Request that he adds an UID to his key with his name as it appears on
his documents (the name that he would have in a international travel pass,
for example), and sign TH
On Thu, Apr 25, 2002 at 11:22:50AM -0400, christophe barb? wrote:
> IDs are easily forged. I am sure of that since I have see how it works
To misquote Old Man Murray, it's better than relying on scent.
IDs are the best thing we have for identifying the person's real name,
and real names are _requ
On Thu, Apr 25, 2002 at 10:11:25AM -0500, Steve Langasek wrote:
> > He use his email address in his gpg key but his email address is not
> > related to his name.
>
> > I am sure he is the guy behind the key.
> > I started this thread because of the debian implication.
On Thu, Apr 25, 2002 at 11:20:30AM -0400, christophe barbé wrote:
> On Thu, Apr 25, 2002 at 10:11:25AM -0500, Steve Langasek wrote:
> > Upon rereading, I see what you're asking here. You're worried that if
> > you sign a uid that doesn't have his name on it, and he adds another uid
> > later that
On Thu, Apr 25, 2002 at 10:50:43AM -0400, Chad Miller wrote:
> No! One doesn't really sign "keys". One signs identification. If you meet
> someone, your goal is to match the picture ID with the face, and the name on
> the ID with the UID in the keyring. Just because we meet, and I show you
> an
On Thu, Apr 25, 2002 at 10:11:25AM -0500, Steve Langasek wrote:
> Upon rereading, I see what you're asking here. You're worried that if
> you sign a uid that doesn't have his name on it, and he adds another uid
> later that does have a name on it (not necessarily his), this will
> mistakenly be ac
On Thu, Apr 25, 2002 at 10:04:39AM -0500, Steve Langasek wrote:
> I still don't understand what you mean by a 'without-ID key'. It's
> difficult to give you a clear answer unless you can give us tangible
> information. A PGP uid has three parts to it: a name, an email address,
> and a comment. W
On Thu, Apr 25, 2002 at 10:56:31AM -0400, christophe barbé wrote:
> I forgot to mention that we exchanged encrypted secret words and that I
> check the fingerprint when I meet him.
> He use his email address in his gpg key but his email address is not
> related to his name.
>
christophe barbé <[EMAIL PROTECTED]> writes:
> I forgot to mention that we exchanged encrypted secret words and that I
> check the fingerprint when I meet him.
>
> He use his email address in his gpg key but his email address is not
> related to his name.
>
> I am su
On Thu, Apr 25, 2002 at 10:56:31AM -0400, christophe barbé wrote:
> I forgot to mention that we exchanged encrypted secret words and that I
> check the fingerprint when I meet him.
> He use his email address in his gpg key but his email address is not
> related to his name.
>
I forgot to mention that we exchanged encrypted secret words and that I
check the fingerprint when I meet him.
He use his email address in his gpg key but his email address is not
related to his name.
I am sure he is the guy behind the key.
I started this thread because of the debian
On Thu, Apr 25, 2002 at 10:04:20AM -0400, christophe barb? wrote:
> I wonder if it is acceptable to sign a key from someone that :
> [irrelevent stuff]
> But the key makes no references to his name.
>
> In my understanding the ID is useless but I have enough element to
> believe he is the guy he
On Thu, 25 Apr 2002, christophe barbé wrote:
> But the key makes no references to his name.
[...]
> Should I sign his key ?
No. Request that he adds an UID to his key with his name as it appears on
his documents (the name that he would have in a international travel pass,
for example), and sign T
On Thu, Apr 25, 2002 at 10:04:20AM -0400, christophe barbé wrote:
> I wonder if it is acceptable to sign a key from someone that :
> - I meet him personnaly and saw his ID
> - I saw him in a public meeting in a specific role (We can consider he
> is well known)
> - I have a lot of public mails
Hi,
I wonder if it is acceptable to sign a key from someone that :
- I meet him personnaly and saw his ID
- I saw him in a public meeting in a specific role (We can consider he
is well known)
- I have a lot of public mails from him that are all signed
But the key makes no references to his nam
On Thu, Apr 25, 2002 at 11:22:50AM -0400, christophe barb? wrote:
> IDs are easily forged. I am sure of that since I have see how it works
To misquote Old Man Murray, it's better than relying on scent.
IDs are the best thing we have for identifying the person's real name,
and real names are _req
On Thu, Apr 25, 2002 at 10:11:25AM -0500, Steve Langasek wrote:
> > He use his email address in his gpg key but his email address is not
> > related to his name.
>
> > I am sure he is the guy behind the key.
> > I started this thread because of the debian implication.
On Thu, Apr 25, 2002 at 11:20:30AM -0400, christophe barbé wrote:
> On Thu, Apr 25, 2002 at 10:11:25AM -0500, Steve Langasek wrote:
> > Upon rereading, I see what you're asking here. You're worried that if
> > you sign a uid that doesn't have his name on it, and he adds another uid
> > later that
On Thu, Apr 25, 2002 at 10:50:43AM -0400, Chad Miller wrote:
> No! One doesn't really sign "keys". One signs identification. If you meet
> someone, your goal is to match the picture ID with the face, and the name on
> the ID with the UID in the keyring. Just because we meet, and I show you
> a
On Thu, Apr 25, 2002 at 10:11:25AM -0500, Steve Langasek wrote:
> Upon rereading, I see what you're asking here. You're worried that if
> you sign a uid that doesn't have his name on it, and he adds another uid
> later that does have a name on it (not necessarily his), this will
> mistakenly be a
On Thu, Apr 25, 2002 at 10:04:39AM -0500, Steve Langasek wrote:
> I still don't understand what you mean by a 'without-ID key'. It's
> difficult to give you a clear answer unless you can give us tangible
> information. A PGP uid has three parts to it: a name, an email address,
> and a comment.
1 - 100 of 218 matches
Mail list logo
