* Re: [gentoo-dev] Re: rejecting unsigned commits
@ 2011-04-05 3:36 99% ` Jeroen Roovers
0 siblings, 0 replies; 1+ results
From: Jeroen Roovers @ 2011-04-05 3:36 UTC (permalink / raw
To: gentoo-dev
On Fri, 25 Mar 2011 10:44:31 +0100
"Andreas K. Huettel" <dilfridge@gentoo.org> wrote:
> * the signature proves the key belongs to the e-mail address, nothing
> else
Anyone could generate a signature with one of my @g.o e-mail addresses
in it, then pass themselves off as myself, right? If they then trick you
into thinking that I sent the mail you received, signed with their key,
they're all set. Having the "right" e-mail address in the key would not
improve anything.
> * the e-mail address is given to the owner of the key during
> recruitment
It's been a while, but I am certain I did not have a @gentoo.org
address yet _during_ recruitment, and I was instead asked to provide an
address that I _did_ already use. It looks like that still has not
changed.[1] Looking at the e-mail from that time, it seems I had been
asked to sign my SSH key with it and send it to recruiters@.
jer
[1] http://www.gentoo.org/doc/en/gnupg-user.xml#doc_chap2
^ permalink raw reply [relevance 99%]
Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2011-03-24 21:59 [gentoo-dev] rejecting unsigned commits Mike Frysinger
2011-03-25 8:53 ` [gentoo-dev] " Andreas K. Huettel
2011-03-25 9:11 ` Antoni Grzymala
2011-03-25 9:44 ` Andreas K. Huettel
2011-04-05 3:36 99% ` Jeroen Roovers
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox