[messaging] Separation of concerns, usability, and partial verification

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Mar 12 14:12:26 PDT 2014

On 03/12/2014 05:01 PM, Ximin Luo wrote:
> Sure - I meant to emphasize that the debian keyserver additionally then takes this information and puts it into the debian-keyring package, assuming that it is valid (in a way that other keyservers do not), and distributes this to other people with implicit authority. Fortunately, I haven't seen an actual abuse of this.

to my knowledge, this data is not synced automatically from the debian
keyserver; there is a manual step where keyring-maint (which is a team
of humans) considers what to import.  I'm happy to clarify this with the
team, though.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140312/7249eb37/attachment.sig>

More information about the Messaging mailing list