|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] Keysigning: The Aftermath
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Eric J. Roode wrote:
> But then... Do you leave the signatures on your local (personal) keyring?
> Or leave them unsigned locally?
I leave them on my local keyring. signed.
> Seems to me there are the following possibilities, after you mail out the
> individually-signed keys to the various email addresses:
>
> 1. Leave all the uids signed on your personal keyring.
> But: if you accidentally distribute that key, you've vouched for
> possibly-forged addresses.
I never accidentally distribute keys, because I never distribute them,
period. If someone wants a signed copy of their key, I will mail it
to them; they can then decide for themselves how they want to distribute
it to the world (e.g. keyserver). As a matter of fact, I think the whole
concept of keyservers accepting other people's keys (for example, via
"gpg --send-key") is a fundamental flaw in the system and should not be used.
- --
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200502100729
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
-----BEGIN PGP SIGNATURE-----
iD8DBQFCC1RxvJuQZxSWSsgRAqo6AKClmwWW6WUoUG0u3F9UpXTQkqcfqACdGqLm
apdiAK8xqJ+3TJn7TU9JWLI=
=iWgd
-----END PGP SIGNATURE-----
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|