OpenPGP digital signature query

David Shaw dshaw at
Tue Apr 21 03:26:19 CEST 2009

On Apr 20, 2009, at 7:08 PM, Robert J. Hansen wrote:

> John Clizbe wrote:
>> Your interests would be best served by a) hiring the services of a
>> security consultant knowledgeable in the dealings of HIPAA  
>> specifically
>> as it relates to the FDA; b) consulting an attorney knowledgeable in
>> technology, c) both of the above.
> I'll go one step further: asking this query on an internet mailing  
> list
> could itself be seen as failure to exercise due care.  You don't know
> any of us here and cannot vouch for anyone's legal or technological
> acumen.  As far as due diligence is concerned, asking here --  
> instead of
> asking lawyers and security consultants -- is pretty much reckless
> disregard.

That's a pretty big step there.  Asking a user community of GnuPG a  
question about OpenPGP is not reckless disregard.  What you do with  
the *answer* might be reckless disregard, so John's advice to consult  
an attorney familiar with the issue is wise.

Asking questions is good.  Doing the right thing with the answers is,  
as always, the responsibility of the questioner.


More information about the Gnupg-users mailing list