Tim wrote:
> On Thu, 2007-07-12 at 10:01 -0700, Les wrote:
>> I am starting this thread because I see many folks signing their
>> emails with a digital signature.
>
> I don't see a problem in someone posting a signed message. I do see a
> problem in believing that they are who they claim to be. There isn't
> any verification done, it's self-signed (self created). I've yet to
> find *any* GPG/PGP key that was counter-signed by another person, let
> alone one that was counter-signed by someone I trust.

Well, you don't have to believe who they claim to be... but you have to admit that if someone like "David Boles" signs all of his emails and you get an email from someone claiming he is "David Boles" where he calls you "wanker" but the signature doesn't verify, then you know the "original David Boles" is not to blame. That is why key management is there, where you can assign levels of trust.

> I think that is a glaring omission when it comes to RPM packages, or
> even notices about updates. Never mind e-mails.

Nahhh... As long as you pick up the public key from a source you trust then there is no issue.