On Monday 30 March 2009 08:28:12 Stanisław T. Findeisen wrote:
> Mikkel L. Ellertson wrote:
> > Let me see - The Gnupg package is included with Fedora. RPMs are
> > signed with a GPG key - each version has its own key. The extra
> > repositories have their own keys. When there was a possibility that
> > the keys had been compromised, new keys were issued. It is not like
> > Fedora isn't already using gpg...
> >
> > About the only change I can see would be signing the files needed to
> > do a network install...
>
> I was talking about the community more than about the repos. Is GnuPG
> widely used in the community? How about the people from M$ world?
>
> Again: promoting GnuPG would promote:
> * GNU
> * free software
> * security and authenticity
> * bazaar model
> * mutual trust
> all at the same time.
>
> Maybe that would be better than to sit and wait for Microsoft/whatever
> to sell everybody his X.509.... Wide use of encryption/digital
> signatures will come sooner or later, I guess.
>

If you examine my key you will see that it is signed by a number of people
who have properly verified that I am who I say I am. This is essential for
the web of trust to work, but frankly it is not understood by many people,
and I've seen conversations where people will sign anyone's key. The whole
web of trust falls apart when this happens.

Since the criteria for correct verification are very precise, I can't see
most people getting their keys signed, and without that, the point of using
a key is very limited.

Anne
-- 
New to KDE4? - get help from http://userbase.kde.org
Just found a cool new feature? Add it to UserBase