Package review status
Robert Collins
rbcollins@cygwin.com
Wed Sep 25 07:32:00 GMT 2002
On Wed, 2002-09-25 at 21:27, Volker Quetschke wrote:
> Hi Robert,
> > Right, well I'll happily run generate checksums of what I download, and
> > if the poster to here posts the expected checksums, in a gpg signed
> > message, then we can be fairly sure that whomever sent the email,
> > created the package files.
> >
> > Generating trust in a specific GPG signature takes time or a web of
> > trust, and is a related-but-separate discussion. I think that my GPG key
> > is well associated with me by now :] (Either that, or a very persistence
> > mimic :};}). One way would be for maintainers to follow a similar
> > approach and consistently sign their emails. YMMV.
> yes, but I need your public key to verify that you are really YOU.
>
> Where did you put your public key, I tried some keyservers but couldn't
> find you. Many "Robert Collins", but not with rbcollins@cygwin.com .
Ah yes, I had not uploaded a recent copy with the appropriate subkeys.
I've uploaded a new version, should replicate shortly :}.
rbtcollins@hotmail.com is the primary email on the old copy, if you want
to grab that.
Also, you could try
keyserver-options auto-key-retrieve
in your gnupg options file, I find it very useful.
Cheers,
Rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://cygwin.com/pipermail/cygwin/attachments/20020925/eb7f6687/attachment.sig>
More information about the Cygwin
mailing list