On Wed, 2008-11-12 at 12:00 +0100, Sonja Krause-Harder wrote:

Well, that's what keyservers are for, and coolo's key is signed by a long list of people who could have been forging a lot of suse accounts. ;-)

You could, of course, enter the (G)PG(P) trust network by creating and uploading your own key, and participate in a few key signing events, which probably would result in a trust chain from you to coolo pretty quickly.

Then I have to trust a key server ;) but yes, my key is uploaded there as well of course. After all I'm not that new to gpg anymore too.

But so far the only possibility you have is to drive to Nuernberg, check coolo's passport, and have him read his key fingerprint to you.

indeed.. who takes all those steps to give me wrongly signed rpms with all those forgings, will for sure not stop with a forged passport.

(And find someone to prove that coolo, the passport, and the SuSE office are not forged.)

Conspiracy total... I should hide back under the rocks... A satelite just spotted me. Dominique (PS: I would sign my mails too, but due to bug #421106 I'm aware that too many people have problems with this afterwards). -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org