On Wed, Jul 20, 2011 at 12:32:32PM +0200, markus schnalke wrote:
> On 20 July 2011 11:06, Nick <suckless-dev_AT_njw.me.uk> wrote:
> > But just downloading the key from a keyserver, even if it isn't
> > trusted by your web of trust, is better than e.g. just
> > distributing a hash, [...]
>
> The concept of PGP trust lies in the Web-of-Trust, nowhere else. If
> you don't find a trust-path from you to the signing key, then the
> signature does only provide the information of a checksum hash.
Yes. I was being slightly unreasonable in saying it was
better. I only meant it's like a "hash with benefits", e.g. it
does hashing, plus verification if you want / need it.
Received on Wed Jul 20 2011 - 13:38:15 CEST
This archive was generated by hypermail 2.2.0 : Wed Jul 20 2011 - 13:48:03 CEST