[SGVLUG] any Debian developers in the area / keysigning for prospective debian developer

Steve M Bibayoff bibayoff at gmail.com
Sat Mar 1 12:35:44 PST 2014


Hello,

On Sat, Mar 1, 2014 at 12:09 PM, John Kreznar <jek at ininx.com> wrote:

> What matters is that the mind that wrote the software and the mind that
> knows the passphrase to the GPG key are one and the same.  Physical
> appearance is irrelevant.

For signing packages, yea. But for proving that you are this person
with a certain key, yes, it is relevant.

Which brings me back to your point, what would your solution to this?
(you meet someone, checked their ID, exchanged keys, and then took
them on their word that they are the true authors of the package)


Hopefully I understand your argument,
Steve, who is currently also lacking a digital signature.



More information about the SGVLUG mailing list