|
From: | Brian May |
Subject: | Re: [Monotone-devel] Re: WARNING: ~/.monotone/keys CONSIDERED HARMFUL |
Date: | Tue, 21 Oct 2008 14:10:00 +1100 |
User-agent: | Thunderbird 2.0.0.17 (X11/20080925) |
Lapo Luchini wrote:
You still need some way of being able to tell that the revision was signed with the same key that was GPG signed. The keyid in monotone, as is, does not tell you this. It is possible to have multiple keys with the same keyid, possibly accidentally, or possibly a deliberate attempt to breach security.1. GPG-sign your monotone public key: this way people that trust your GPG key know that they can trust your monotone signatures (if they trust monotone itself, that is)
Brian May
[Prev in Thread] | Current Thread | [Next in Thread] |