Re: certification of signatures

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tim wrote:
> I'm curious about why you'd need to do it with a local key.

Not a local key, a local, non-exportable signature, as opposed to an
exportable signature, which is what gpg creates by default.

You don't "need" to use local signature, but I feel it is preferable
(especially when giving advice to folks that might not spend much time
reading on the nuances of GPG).

The reason I consider it preferable is that it prevents new users from
signing the fedora key with a typical, exportable signature which they
can easily leak to a keyserver¹ and cost themselves some credibility
as a key signer.  It costs credibility, IMO, because I know that there
is practically no way for those folks to have done the sort of
verification of the fedora key worthy of adding their signature to the
key.

My advice is that if someone feels the need to sign the fedora key to
make the warnings go away, they should use a local, non-exportable
signature (gpg's --lsign option).  It's also well worth considering
whether they need to sign the fedora key at all. :)

¹ Like this:
  http://keys.gnupg.net:11371/pks/lookup?op=vindex&search=0xB44269D04F2A6FD2

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Despite the high cost of living, it remains a popular item.

Attachment: pgpEZCh4n6Bmn.pgp
Description: PGP signature

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux