Patrick O'Callaghan wrote: > Slightly OT, but what the hell: we should realize that trusting keys > isn't the same as trusting people. Trust as applied to PGP/GPG keys > means "I believe this key belongs to this person (e.g. because the > person physically gave me the public key and demonstrated that he > could sign things with the corresponding private one)". It does > *not* mean "I trust this person not to lie to me or do evil with the > information I send him". It's unfortunate that the web-of-trust > notion has taken on a semantic overlay that doesn't fit, due in > large part to the unfortunate choice of terminology. A good point. In a few talks I've given on OpenPGP, I tried to make the distinction that validity is for keys, and trust if for people. And that this trust is (sort of like you say) in the sense of "I trust this person to properly validate keys" and not in the "I trust this person is a completely decent human." :) -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I believe in the noble, aristocratic art of doing absolutely nothing. And someday, I hope to be in a position where I can do even less.
Attachment:
pgpN9JDUgFqN1.pgp
Description: PGP signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list