Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 02 May 2013 11:19:49 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Alistair Crooks <agc@...src.org>
Subject: Re: upstream source code authenticity checking

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/02/2013 09:24 AM, Alistair Crooks wrote:
> And if you seriously think someone who searches for my public key
> on a webserver, or through mail, or business card, etc, downloads
> my public key from one of the servers, imports it into their own
> pubring, signs it with their own private key, then mails it to me,
> or uploads it to one of the key servers, all without trusting me in
> any way, then I'll show you a pretty awful stalker (and fairly
> inefficient one, due to the need to sign my pubkey), a fan boy
> (which is hardly likely to happen in my case), or someone who is
> rather sad. (I'm discounting impaired judgement due to the baroque
> processes involved here, sorry xkcd).


http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x160D45535E267993

It happens, I have no idea who Rafael Alfredo Capucho
<rafael.capucho@...il.com> is.

> 
> i.e. no-one goes to that kind of trouble just to say "I know this 
> person" - that's what facebook and google+ are for.
> 
> Regards, Alistair
> 


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRgqA0AAoJEBYNRVNeJnmTzKcP/2CpEfgyC7tm8nMgPcK62ZWK
1sKctmYKbUiv/UIhXR92CyoT/A94Tqi0rZmdj5uCVpyrvyy/T/99WyNUMsv/s5Nf
zeoEVgdI5+ErayhusJ5MjxgvRHRlmT/JMYDPuxkXB4ePhnWihndbUjHZyEPEa3Py
JkAA4fveTTM1lE17W1ZQbAJTLfa1+0Tzr3OvpzUu7axpBktJJ0LgeaJrHteqpi5j
fizKWSznTXvKFwxS7YUmed1un2VA4fnlRQ9MXFxyowzWBJ6ujf1D0F6lCRn3S9SO
mmFrkXqGmmk66UN/R8vCictGhXSBm5B/V4+bBXl6tegoHM/7nDpMh40nXRvjAoa8
PErtrgD5vkC/NnCK3Nuwnz8tpXe8BXHfwOWblcT47KcpzP3+czzclTTyivJpWLP2
XvfvUL9GoOr7AL3BMxux5QN9gpPfPK0LUls8T+GCqBrPdzmyuupHSpbd44TG6h6r
sSzG5nraQIKJBYcf2/ANdmNtF8noxBJkK37/1EhfnhJzaLNO/il43Rt0FT5jQ/El
Je4kZu53clZBm5N0oguLl/gHb7dX1TwyqCkuWuQ7qfs6IzI59HM/puSKyWFONIUt
/7aqDxEahHZxK3rMOZuSj570UgIkXGvourH6130ue1Awa1htn/ivniOOBMiemvnK
1A34F5DQzDxqez/NfBKJ
=9FnX
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.