[Mageia-dev] [Off topic: GPG-signature]

Maarten Vanraes alien at rmail.be
Fri Nov 25 09:07:03 CET 2011


Op vrijdag 25 november 2011 06:04:15 schreef Duane Phinney:
> On 11/24/2011 10:46 PM, David W. Hodgins wrote:
> > On Thu, 24 Nov 2011 23:20:46 -0500, Duane Phinney
> > 
> > <genomega at earthlink.net> wrote:
> >> There is a point: If an email appears on the list from me which has not
> >> been signed its not from me which has happened in the past.
> > 
> > If the public key is not made available, no one can tell if you signed
> > the message, or if someone copied the pgp sig from some other message,
> > from you.
> > 
> > Regards, Dave Hodgins
> 
> If you are looking for a fight look elseware. Over and out.

I don't think he's looking for a fight.

I think they are just trying to verify that you is really you. PGP is 
public/private key signing and usually one gives out the public key so that 
people can use the public key to verify messages signed with the private key.

After all, people can even send email apparently from your email address and 
even pgp sign it with their own key. Then we have 2 messages from you but 
signed with different keys and no way of knowing which one would be real or 
not.


More information about the Mageia-dev mailing list