On Wed, Nov 12, 2008 at 11:53:31AM +0100, Dominique Leuenberger wrote:
On Wed, 2008-11-12 at 11:37 +0100, Stephan Kulow wrote:
I hope you trust me.
Nah, how could I!
Even though your mail is signed, I don't have your public key, which of course you could send me now by mail. BUT: this could be the same forged accunt sending me any public key that was used previously to sign that email.
Well, that's what keyservers are for, and coolo's key is signed by a long list of people who could have been forging a lot of suse accounts. ;-) You could, of course, enter the (G)PG(P) trust network by creating and uploading your own key, and participate in a few key signing events, which probably would result in a trust chain from you to coolo pretty quickly. But so far the only possibility you have is to drive to Nuernberg, check coolo's passport, and have him read his key fingerprint to you. (And find someone to prove that coolo, the passport, and the SuSE office are not forged.) ;-) cheers, Sonja -- Sonja Krause-Harder (skh@suse.de) SUSE Research & Development ----------------------------------------------------------------- SUSE Linux Products GmbH GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org