Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Subject: Re: Package review status
From: Robert Collins <rbcollins AT cygwin DOT com>
To: Volker Quetschke <quetschke AT scytek DOT de>
Cc: cygwin AT cygwin DOT com
In-Reply-To: <3D919DA9.1010503@scytek.de>
References: <LPEHIHGCJOAIPFLADJAHKEJMCNAA DOT chris AT atomice DOT net>
	<1032951025 DOT 8300 DOT 101 DOT camel AT lifelesswks>  <3D919DA9 DOT 1010503 AT scytek DOT de>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature";
	boundary="=-7zE2f9GaB2b69JF4oPCi"
Date: 25 Sep 2002 21:45:42 +1000
Message-Id: <1032954343.22908.5.camel@lifelesswks>
Mime-Version: 1.0

--=-7zE2f9GaB2b69JF4oPCi
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 2002-09-25 at 21:27, Volker Quetschke wrote:=20
> Hi Robert,
> > Right, well I'll happily run generate checksums of what I download, and
> > if the poster to here posts the expected checksums, in a gpg signed
> > message, then we can be fairly sure that whomever sent the email,
> > created the package files.
> >=20
> > Generating trust in a specific GPG signature takes time or a web of
> > trust, and is a related-but-separate discussion. I think that my GPG ke=
y
> > is well associated with me by now :] (Either that, or a very persistenc=
e
> > mimic :};}). One way would be for maintainers to follow a similar
> > approach and consistently sign their emails. YMMV.

> yes, but I need your public key to verify that you are really YOU.
>=20
> Where did you put your public key, I tried some keyservers but couldn't
> find you. Many "Robert Collins", but not with rbcollins AT cygwin DOT com .

Ah yes, I had not uploaded a recent copy with the appropriate subkeys.

I've uploaded a new version, should replicate shortly :}.
rbtcollins AT hotmail DOT com is the primary email on the old copy, if you want
to grab that.

Also, you could try=20
keyserver-options auto-key-retrieve
in your gnupg options file, I find it very useful.

Cheers,
Rob


--=-7zE2f9GaB2b69JF4oPCi
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQA9kaHmI5+kQ8LJcoIRAgBxAJ4z2f8Uh7q9hvLK8O8esr3LyU1/NwCfQwT2
2sc47wHM3GqbzscUmzFmntU=
=WGbY
-----END PGP SIGNATURE-----

--=-7zE2f9GaB2b69JF4oPCi--