Where to get key A714EB87D1B1F415?

Art Alexion art.alexion at verizon.net
Thu Dec 7 13:39:18 GMT 2006


On Thursday 07 December 2006 01:19, Michel D'HOOGE wrote:
> On Wednesday 06 December 2006 16:30, D. R. Evans wrote:
> > I am fairly paranoid about not installing unsigned packages
>
> Thanks for saying that because IMHO it seems to be a common behaviour that
> I think quite odd & risky! I explain:
>
> Indeed, why do you believe you are safer once you downloaded the public key
> of someone you don't know? As long as there is no "GPG trust path" between
> you and the guy providing the packages, nothing has changed.

Good point, except one thing.  A pgp key at least insures that you continue to 
deal with the same person.  Even outside repositories and email, we did not 
necessarily have a "trust path" for most people we deal with.  Trust evolves 
over repeated dealings.  At some point we take a chance, then after a 
positive course of experience, we develop trust.

There are people on mailing lists that I will never meet, nor have a trust 
path connection.  However, I can see what they write over time and decide 
whether or not to trust them.  Once I develop that trust, the pgp signature 
insures that I am dealing with them.
-- 

_____________________________________________________________
Art Alexion

PGP fingerprint: 52A4 B10C AA73 096F A661  92D2 3B65 8EAC ACC5 BA7A
Keyserver: hkp://subkeys.pgp.net
The attachment - signature.asc - is my electronic signature; no need for 
alarm.  Info @ 
http://mysite.verizon.net/art.alexion/encryption/signature.asc.what.html
_____________________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 309 bytes
Desc: not available
Url : https://lists.ubuntu.com/archives/kubuntu-users/attachments/20061207/bc8837d6/attachment.pgp 


More information about the kubuntu-users mailing list