Re: Signing Request

From: Doug Barton <dougb_at_FreeBSD.org>
Date: Tue, 29 Sep 2009 11:00:08 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

FYI, cross-posting to more than one list is discouraged.

J. Hellenthal wrote:
> On Wed, 23 Sep 2009 11:40 -0000, jhellenthal wrote:
> 
>>
>> If you do not need to pgp/gpg sign email message to the lists please
>> don't.

I think a lot of people would define "need" differently than you do.
Part of being on a public mailing list is dealing with traffic in
formats that you don't necessarily like or would choose to use. The
robustness principle fits here, "Be liberal in what you accept, and
conservative in what you send."

>> I know I probably don't have your pgp public key and a lot more
>> users probably do not either. 

There are ways to address that problem. I see that you're using
Alpine, not sure what you're using for PGP in association with that.
My own mail/pine-pgp-filters port works quite well for this purpose.
You can also include the following in your gpg.conf:

keyserver-options auto-key-retrieve

which will retrieve the keys for you without intervention. (FWIW, I
also recommend the options no-include-revoked, import-clean, and
export-clean.)

Personally I keep the keys that I care about in their own keyring
files, and allow the "random" keys to be imported into pubring.gpg.
That way I can nuke that ring, or keys on it any time and know I'm not
losing anything important. I'll leave that configuration as an
exercise for the reader. :)

> If I do not have your public key in my keyring then I do not want it, do
> not need it and have no use for it at this time. This keeps my keyring
> small and manageable.

Well yay for you! :)  However explaining your reasoning isn't making
you sound any more reasonable. The "public" part of "public key
cryptography" is often messy, you need to learn how to deal with it.


hth,

Doug (who signed this message so everyone would know it's from me, no
tweak intended)

- --

    This .signature sanitized for your protection

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (FreeBSD)

iEYEAREDAAYFAkrCSygACgkQyIakK9Wy8PvZBQCcCSp1KEprBdrmG2nN4HZCkxA2
4GAAoPVZN5OXxsDjYzNtVOd3IAvBYQ08
=fRlR
-----END PGP SIGNATURE-----
Received on Tue Sep 29 2009 - 16:00:13 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:56 UTC