[messaging] Separation of concerns, usability, and partial verification
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Mar 12 14:12:26 PDT 2014
On 03/12/2014 05:01 PM, Ximin Luo wrote:
> Sure - I meant to emphasize that the debian keyserver additionally then takes this information and puts it into the debian-keyring package, assuming that it is valid (in a way that other keyservers do not), and distributes this to other people with implicit authority. Fortunately, I haven't seen an actual abuse of this.
to my knowledge, this data is not synced automatically from the debian
keyserver; there is a manual step where keyring-maint (which is a team
of humans) considers what to import. I'm happy to clarify this with the
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1010 bytes
Desc: OpenPGP digital signature
More information about the Messaging