spamassassin-dev mailing list archives

Subject [Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Date Tue, 12 Jan 2010 22:00:53 GMT

--- Comment #9 from Justin Mason 2010-01-12 14:00:40 UTC ---
(In reply to comment #8)
> Over 500 people signed the new signing key?
> Without checking its photo id? =)
> I suppose this is OK, but is including all 200KB really necessary?
> +1

Over 500 people signed keys that signed the key.  (Probably most are from
keysigning parties that myself or Theo attended, I suspect.)

If it's safe, I'd like to trim down the 200KB to something smaller; can any GPG
wizards indicate that it's OK to do so?  My naive assumption is that if I was
to do so, it would lessen people's ability to verify a web-of-trust between
their own trusted keys, and our keys, assuming they were attempting to do so
without a working connection to a keyserver (e.g. offline).

Maybe the web-of-trust is moot in our use-cases, but I think it's a nice side
benefit of using gpg.
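
What trimming does to the third-party signatures discussed above, as an added example that is not part of the original message or of the SpamAssassin project's tooling: it assumes GnuPG 2.1 or later, creates two constructed throwaway keys in a temporary GNUPGHOME, and compares a full export with `--export-options export-minimal`. The user IDs, function names and the RUN_DEMO switch are made up for the illustration.

```shell
#!/bin/sh
# Added illustration with constructed keys; nothing here is the SA keyring.

# count_sigs OPTS KEY: export KEY with the given export options and count
# the signature packets that survive in the exported data.
count_sigs() {
    gpg --batch --export-options "$1" --export "$2" 2>/dev/null |
        gpg --batch --list-packets 2>/dev/null | grep -c '^:signature packet:'
}

# export_size OPTS KEY: size in bytes of the exported key.
export_size() {
    gpg --batch --export-options "$1" --export "$2" 2>/dev/null | wc -c | tr -d ' '
}

# Build a throwaway keyring: a "release" key certified by one "signer" key.
setup_demo_keys() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    for uid in release@example.invalid signer@example.invalid; do
        gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
            --quick-generate-key "Constructed <$uid>" default default never ||
            return 1
    done
    RELEASE_FPR=$(gpg --batch --with-colons --list-keys release@example.invalid |
        awk -F: '$1 == "fpr" { print $10; exit }')
    # One third-party certification, standing in for the ~500 on the real key.
    gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' \
        -u signer@example.invalid --quick-sign-key "$RELEASE_FPR" || return 1
}

if [ "${RUN_DEMO:-}" = 1 ]; then
    setup_demo_keys || exit 1
    for opts in no-export-minimal export-minimal; do
        printf '%-18s %s signature packets, %s bytes\n' "$opts" \
            "$(count_sigs "$opts" "$RELEASE_FPR")" \
            "$(export_size "$opts" "$RELEASE_FPR")"
    done
    # export-minimal keeps only self-signatures, so the signer's certification
    # is gone and no offline trust path to the release key remains in the file.
    gpgconf --kill gpg-agent
    rm -rf "$GNUPGHOME"
fi
```

Run it with `RUN_DEMO=1 sh` to print the comparison; a minimal export still verifies release signatures, it only drops the certifications a recipient would need to find a trust path without a keyserver.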
