Date: Thu, 02 May 2013 11:19:49 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Alistair Crooks <agc@...src.org>
Subject: Re: upstream source code authenticity checking

On 05/02/2013 09:24 AM, Alistair Crooks wrote:
> And if you seriously think someone who searches for my public key
> on a webserver, or through mail, or business card, etc, downloads
> my public key from one of the servers, imports it into their own
> pubring, signs it with their own private key, then mails it to me,
> or uploads it to one of the key servers, all without trusting me in
> any way, then I'll show you a pretty awful stalker (and fairly
> inefficient one, due to the need to sign my pubkey), a fan boy
> (which is hardly likely to happen in my case), or someone who is
> rather sad. (I'm discounting impaired judgement due to the baroque
> processes involved here, sorry xkcd).

http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x160D45535E267993

It happens, I have no idea who Rafael Alfredo Capucho
<rafael.capucho@...il.com> is.

>
> i.e. no-one goes to that kind of trouble just to say "I know this
> person" - that's what facebook and google+ are for.
>
> Regards, Alistair
>

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993