can someone verify the gnupg Fingerprint for pubkey?
Robert J. Hansen
rjh at sixdemonbag.org
Sat Jun 9 22:55:29 CEST 2012
On 6/9/2012 4:14 PM, Peter Lebbing wrote:
> Where the question is going is rather simple: what would you
> recommend Joe Average User to do to verify the authenticity of the
> GnuPG source he downloaded, not questioning his desire to build from
> that source.
Ah, I see. I apologize for not understanding sooner: I thought you were
trying to illustrate a point.
I'm generally not comfortable giving advice about what people should do.
I'm comfortable making factual statements, presenting options, talking
about my own practices or giving perspectives, but I really want to
avoid the recommending-what-people-should-do route. I'm not comfortable
with that, not unless I'm billing by the hour and have a liability
waiver signed in blood. :)
That said, I have found it useful as a general principle to avoid
introducing new points of fiat validity. When possible, new sources
should be certified through existing validated certificates.
Considering my points of fiat validity and minimizing their number has
always served me well.
More information about the Gnupg-users
mailing list