Re: certification of signatures

Tim wrote:
> I'm curious about why you'd need to do it with a local key.

Not a local key, a local, non-exportable signature, as opposed to an
exportable signature, which is what gpg creates by default.

You don't "need" to use a local signature, but I feel it is preferable
(especially when giving advice to folks that might not spend much time
reading on the nuances of GPG).

The reason I consider it preferable is that it prevents new users from
signing the fedora key with a typical, exportable signature which they
can easily leak to a keyserver¹ and cost themselves some credibility
as a key signer.  It costs credibility, IMO, because I know that there
is practically no way for those folks to have done the sort of
verification of the fedora key worthy of adding their signature to the
key.

My advice is that if someone feels the need to sign the fedora key to
make the warnings go away, they should use a local, non-exportable
signature (gpg's --lsign option).  It's also well worth considering
whether they need to sign the fedora key at all. :)

¹ Like this:
  http://keys.gnupg.net:11371/pks/lookup?op=vindex&search=0xB44269D04F2A6FD2

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Despite the high cost of living, it remains a popular item.
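
An added example, not part of the original message: gpg's machine-readable listing marks each certification as exportable (`x`) or local (`l`), so you can audit which of your signatures on other people's keys could end up on a keyserver. The key IDs and the listing below are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Typical use (standard gpg options):
#   gpg --with-colons --list-sigs | audit_certs YOUR_KEYID
# In each "sig" record, field 5 is the signer key ID and field 11 is the
# signature class: two hex digits followed by "x" (exportable) or "l" (local).

audit_certs() {
    # $1: key ID whose certifications on other keys should be reported.
    awk -F: -v signer="$1" '
        BEGIN { signer = toupper(signer); sub(/^0X/, "", signer) }
        $1 == "pub" { target = $5; next }      # a new key block begins
        $1 == "sig" && $5 == signer && $5 != target {   # skip self-signatures
            flag = substr($11, length($11), 1)
            kind = (flag == "l") ? "local" : ((flag == "x") ? "exportable" : "unknown")
            print target, $11, kind
        }'
}

# Constructed listing: one user (AAAAAAAAAAAAAAAA) has certified two keys,
# the first with a default exportable signature, the second with --lsign.
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:1111111111111111:1200000000:::-:::scESC::::::23::0:
uid:-::::1200000000::0000::Constructed Distro Key <key@example.invalid>::::::::::0:
sig:::1:1111111111111111:1200000000::::Constructed Distro Key <key@example.invalid>:13x:::::2:
sig:::1:AAAAAAAAAAAAAAAA:1210000000::::Constructed User <user@example.invalid>:10x:::::2:
pub:-:4096:1:2222222222222222:1200000000:::-:::scESC::::::23::0:
uid:-::::1200000000::0000::Another Constructed Key <other@example.invalid>::::::::::0:
sig:::1:2222222222222222:1200000000::::Another Constructed Key <other@example.invalid>:13x:::::2:
sig:::1:AAAAAAAAAAAAAAAA:1210000000::::Constructed User <user@example.invalid>:10l:::::2:
EOF
}

# Demo run on the constructed listing; the key ID may be given with or
# without a 0x prefix and in either case.
sample_listing | audit_certs 0xaaaaaaaaaaaaaaaa
```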

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines