On Thu, 28 Oct 2004 15:17:18 -0600, Rodolfo J. Paiz <rpaiz@xxxxxxxxxxxxxx> wrote: > Even though I believe you have some interesting points, pointing very > experienced programmers such as Dave and Jeff to the GNUPG docs is > downright insulting and (I would say) entirely inappropriate. Uhm, as flattering as this is.. its really not in your best interest to hold me up as an example of a 'very experienced programmer' (unless you are of course talking about programming in terms of mind control and personality reprogramming.) I've said it before and I'll say it again, I'm just a small dog who barks... a lot. And frankly I would much rather see Matias citing much much much more specific authoritative documentation, or compelling historical discussion that have come before that can be used for guidance in the current discussion as back up for his personal opinions. Its much easier to discuss our way past disagreements when the disagreement can be viewed in context of authoritive documentation and precedent setting discussion that have gone on elsewhere. But as it stands we are stock in a discussion on par with "less filling/tastes great." If anything i looked at Matias attempt to point me to useful documentation as a way forward, out of the cycle of dispair. It was the first truly noteworthy attempt at education and resolution that I've seen from Matias, and I thank him for it. Sadly I've taken the time to follow his instructions and I have re-read the bulk of the documentation at the gnupg site hoping to find anything that speaks to the risks and benefits of automated signing..and im not seeing much. I see a short discussion on how to do automated signing with gnupg (barely relevant to rpm's specific implementation), but not much in terms of what it "means" to do automated signing in terms of expected security, in the context of generally accepted understanding of what signing a package means for the userbase. -jef"far more willing to read documentation then to listen to personal opinion"spaleta