The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RFC: Proposal for signed packages

To: debian-private@lists.debian.org
Subject: Re: RFC: Proposal for signed packages
From: Ioannis Tambouras <ioannis@flinet.com>
Date: Wed, 12 Feb 1997 23:44:33 -0500 (EST)
Importance: low
In-reply-to: <87d8u6rnm5.fsf@slip-108-44.ots.utexas.edu>
Priority: non-urgent
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"3Xe7-3.0.7h7.rkf0p"@master.debian.org>
Resent-reply-to: debian-private@lists.debian.org
Resent-sender: debian-private-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----

On 12 Feb 1997, Guy Maor wrote:

> Nicolás Lichtmaier <nick@feedback.com.ar> writes:
> 
> >  How could somebody sign my key? I'm in another country and Nicol=E1s
> > Lichtmaier could exist, but it might not be me...! =3D)
> 
> I meant how does that organization (Thawte is their name, it turns
> out) sign keys?
> 
> You should only sign the keys of people you know personally.
> 
> 
> Guy

 Strictly speaking, verification (most likely) means that the truth of
 information in the "user id" field of the key matches the public
 key. Thus, supposing that my next door neighbor, Bob, who I know is a
 car mechanic, and whose identity and public number I know beyond doubt,
 gives my the following to verify, I should refuse! (note the email address):

pub  1024/FA9F8851 1997/01/24 Bob Robin <agent99@CIA.gov>
sig       FA9F8851             Bob Robin <agent99@CIA.gov>

 I think, Bob must also prove that his email address belongs to him.

 However, if my neigboor asks me to testify that he has a 10-year-old son,
 and that is true, I should not refuse to sign this:

pub  1024/FA9F8851 1997/01/24  My son is 10 years old.  
sig       FA9F8851              My son is 10 years old.

 That we are signing is the truthfulness of the "user id" field, for that
 public key. BTW, once the identity of the developers has been verified to
 Debian's satisfaction, will Debian sign our keys? 
 Why not! If the answer is no, that only means that we have about to do 
 a half-cooked job.

Ioannis Tambouras
ioannis@flinet.com
PGP 1024/FA9F8851, West Palm Beach, Florida

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMwKcNvdPvfH6n4hRAQFO4AP+NIHXsOyzAIaVJGuj0ErcgS6So3JM3GVV
Y+Spozw5/TNcnWBEA9ufhjPggvc+6nxWfcPLKShvRPNG/sKyKz/fZoQZHdhEd/tH
+gBExRpE0wp/lZLvIgsPwSTvnH5J9auxT0tqEv8guMQ/oOXbxAGpanmrB/POshjE
GGbARezOCD0=
=6Kqe
-----END PGP SIGNATURE-----

--
This message was delayed because the list mail delivery agent was down.

References:
- Re: RFC: Proposal for signed packages
  - From: Guy Maor <maor@ece.utexas.edu>

Prev by Date: Re: the NAKED MILE
Next by Date: Constitution
Previous by thread: Re: RFC: Proposal for signed packages
Next by thread: Re: RFC: Proposal for signed packages
Index(es):
- Date
- Thread