Where to get key A714EB87D1B1F415?
art.alexion at verizon.net
Thu Dec 7 13:39:18 UTC 2006
On Thursday 07 December 2006 01:19, Michel D'HOOGE wrote:
> On Wednesday 06 December 2006 16:30, D. R. Evans wrote:
> > I am fairly paranoid about not installing unsigned packages
> Thanks for saying that because IMHO it seems to be a common behaviour that
> I think quite odd & risky! I explain:
> Indeed, why do you believe you are safer once you downloaded the public key
> of someone you don't know? As long as there is no "GPG trust path" between
> you and the guy providing the packages, nothing has changed.
Good point, except one thing. A pgp key at least insures that you continue to
deal with the same person. Even outside repositories and email, we did not
necessarily have a "trust path" for most people we deal with. Trust evolves
over repeated dealings. At some point we take a chance, then after a
positive course of experience, we develop trust.
There are people on mailing lists that I will never meet, nor have a trust
path connection. However, I can see what they write over time and decide
whether or not to trust them. Once I develop that trust, the pgp signature
insures that I am dealing with them.
PGP fingerprint: 52A4 B10C AA73 096F A661 92D2 3B65 8EAC ACC5 BA7A
The attachment - signature.asc - is my electronic signature; no need for
alarm. Info @
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 309 bytes
Desc: not available
More information about the kubuntu-users