gabriel rosenkoetter on Wed, 2 Jul 2003 23:33:25 -0400 |
On Wed, Jul 02, 2003 at 05:01:43PM -0400, Jeff Abrahamson wrote: > 1) The system depends on my sending those signatures to a central > PLUG member (Mike?)? But that's useless, as no one can benefit > if only Mike knows. But Mike (theoretically) updates phillylinux.gpg, the file on the key server, which is what Chris generated his image based upon. So that means that whoever signed your key didn't send their signatures of your key to Mike. Which shouldn't matter as long as *you've* sent your updated key to the keyserver, because the signatures will get there that way, because Mike updated phillylinux.gpg from a keyserver earlier today... one of the broken ones, as I mentioned then, but still. > 2) People haven't sent their signed keys to key servers? Not everyone does. See my comments about broken key servers. Sending a key with subkeys to a keyserver which fully supports them but which synchronizes with the broken keyservers mangles your key (on the broken keyservers) just as badly as sending your key to the broken keyservers does. For example of why this sucks, look no further than David Shaw. I'm sure he'd be glad to explain how he uses PGP all the time but people can never verify his signature. > 3) You forgot to update your own keys from a keyserver That image isn't based on Chris's keychain, so far as I know. > 4) I'm confused. Seems so, but justifiably so. :^> -- gabriel rosenkoetter gr@eclipsed.net Attachment:
pgpRzBkMLKzbj.pgp
|
|