Package review status
Volker Quetschke
quetschke@scytek.de
Wed Sep 25 05:39:00 GMT 2002
Hi!
Sorry, replied to the wrong mailing list in the first place.
> Hi Robert,
>
>> Right, well I'll happily run generate checksums of what I download, and
>> if the poster to here posts the expected checksums, in a gpg signed
>> message, then we can be fairly sure that whomever sent the email,
>> created the package files.
>>
>> Generating trust in a specific GPG signature takes time or a web of
>> trust, and is a related-but-separate discussion. I think that my GPG key
>> is well associated with me by now :] (Either that, or a very persistence
>> mimic :};}). One way would be for maintainers to follow a similar
>> approach and consistently sign their emails. YMMV.
>
> yes, but I need your public key to verify that you are really YOU.
>
> Where did you put your public key, I tried some keyservers but couldn't
> find you. Many "Robert Collins", but not with rbcollins@cygwin.com .
Bye
Volker
--
PGP/GPG key (ID: 0x9F8A785D) available from wwwkeys.de.pgp.net
key-fingerprint 550D F17E B082 A3E9 F913 9E53 3D35 C9BA 9F8A 785D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 250 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20020925/bc812396/attachment.sig>
More information about the Cygwin
mailing list