gabriel rosenkoetter on Wed, 2 Jul 2003 23:33:25 -0400


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] July keysigning now has 3 new keys


On Wed, Jul 02, 2003 at 05:01:43PM -0400, Jeff Abrahamson wrote:
>     1) The system depends on my sending those signatures to a central
>        PLUG member (Mike?)? But that's useless, as no one can benefit
>        if only Mike knows.

But Mike (theoretically) updates phillylinux.gpg, the file on the
key server, which is what Chris generated his image based upon.

So that means that whoever signed your key didn't send their
signatures of your key to Mike. Which shouldn't matter as long as
*you've* sent your updated key to the keyserver, because the
signatures will get there that way, because Mike updated
phillylinux.gpg from a keyserver earlier today... one of the broken
ones, as I mentioned then, but still.

>     2) People haven't sent their signed keys to key servers?

Not everyone does. See my comments about broken key servers. Sending
a key with subkeys to a keyserver which fully supports them but
which synchronizes with the broken keyservers mangles your key (on
the broken keyservers) just as badly as sending your key to the
broken keyservers does.

For example of why this sucks, look no further than David Shaw. I'm
sure he'd be glad to explain how he uses PGP all the time but people
can never verify his signature.

>     3) You forgot to update your own keys from a keyserver

That image isn't based on Chris's keychain, so far as I know.

>     4) I'm confused.

Seems so, but justifiably so. :^>

-- 
gabriel rosenkoetter
gr@eclipsed.net

Attachment: pgpRzBkMLKzbj.pgp
Description: PGP signature