oss-sec mailing list archives
Re: Web of trust
From: Yves-Alexis Perez <corsac () debian org>
Date: Mon, 04 Apr 2011 23:00:42 +0200
On lun., 2011-04-04 at 16:41 +0200, Nico Golde wrote:
Ok please use nion () debian org with E1AB DE0E FFCA AEF3 9494 7592 CD4B 2AF3 A0A0 AAAA. This key is signed by 73647CFF which is in the Debian keyring and a transition statement signed by 73647CFF as well is online at http://nion.modprobe.de/key-transition-2008-06-01.txt.asc
Sorry for diverting the thread. I'm not intending to request subscription to vendor-sec (I'm not yet really active in Debian security team) but considering the use of GPG, would it make sense to have at least some kind of “web of trust” thing on the involved keys? That plus subscribing the project address when possible could help maintaining some confidence about where the mail really ends (though that doesn't mean it can't be leaked later). I'm not sure the procedure Debian use for cross-signing would fit because it involves physical meeting (and usually beer signing too) and it might not be practical, but it's still an idea. Regards, -- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: Closed list, (continued)
- Re: Closed list Solar Designer (Apr 03)
- Re: Closed list Mark J Cox (Apr 04)
- Re: Closed list Marcus Meissner (Apr 04)
- Re: Closed list Marc Deslauriers (Apr 04)
- Re: Closed list Jamie Strandboge (Apr 05)
- Re: Closed list Solar Designer (Apr 05)
- Re: Closed list Solar Designer (Apr 03)
- Re: Closed list Nico Golde (Apr 04)
- Re: Closed list Solar Designer (Apr 04)
- Re: Closed list Nico Golde (Apr 04)
- Re: Closed list Solar Designer (Apr 04)
- Re: Web of trust Yves-Alexis Perez (Apr 04)
- Re: Web of trust Solar Designer (Apr 04)
- Re: Closed list Josh Bressers (Apr 03)
- Re: Closed list Solar Designer (Apr 04)
- Re: Closed list Solar Designer (Apr 04)
- Re: Closed list Solar Designer (Apr 04)