[messaging] Separation of concerns, usability, and partial verification
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Mar 12 14:12:26 PDT 2014
On 03/12/2014 05:01 PM, Ximin Luo wrote:
> Sure - I meant to emphasize that the debian keyserver additionally then takes this information and puts it into the debian-keyring package, assuming that it is valid (in a way that other keyservers do not), and distributes this to other people with implicit authority. Fortunately, I haven't seen an actual abuse of this.
to my knowledge, this data is not synced automatically from the debian
keyserver; there is a manual step where keyring-maint (which is a team
of humans) considers what to import. I'm happy to clarify this with the
team, though.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140312/7249eb37/attachment.sig>
More information about the Messaging
mailing list