on 7/12/2007 6:29 PM, Tim wrote: > On Thu, 2007-07-12 at 10:01 -0700, Les wrote: >> I am starting this thread because I see many folks signing their >> emails with a digital signature. > > I don't see a problem in someone posting a signed message. I do see a > problem in beleiving that they are who they claim to be. There isn't > any verification done, it's self-signed (self created). I've yet to > find *any* GPG/PGP key that was counter-signed by another person, let > alone one that was counter-signed by someone I trust. > > I think that is a glaring omission when it comes to RPM packages, or > even notices about updates. Nevemind e-mails. There is a better chance of me being 'me' than there is of you being 'you'. ;-) Websites are signed, they have certificates, as well as packages are signed by distributions. I would much rather trust a package signed by Fedora than I would one without a signature. Or one that I do not know. If you, for example, used Gnupg as I do you and I could actually send private emails. Ones that only you and I can read. Since every server keeps a copy of everything that you post, not just you but everyone, just about anyone can read what you write. Kinda' makes you feel naked doesn't it? ;-) -- David
Attachment:
signature.asc
Description: OpenPGP digital signature
