Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Subject: Re: Package review status From: Robert Collins To: Volker Quetschke Cc: cygwin AT cygwin DOT com In-Reply-To: <3D919DA9.1010503@scytek.de> References: <1032951025 DOT 8300 DOT 101 DOT camel AT lifelesswks> <3D919DA9 DOT 1010503 AT scytek DOT de> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-7zE2f9GaB2b69JF4oPCi" Date: 25 Sep 2002 21:45:42 +1000 Message-Id: <1032954343.22908.5.camel@lifelesswks> Mime-Version: 1.0 --=-7zE2f9GaB2b69JF4oPCi Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Wed, 2002-09-25 at 21:27, Volker Quetschke wrote:=20 > Hi Robert, > > Right, well I'll happily run generate checksums of what I download, and > > if the poster to here posts the expected checksums, in a gpg signed > > message, then we can be fairly sure that whomever sent the email, > > created the package files. > >=20 > > Generating trust in a specific GPG signature takes time or a web of > > trust, and is a related-but-separate discussion. I think that my GPG ke= y > > is well associated with me by now :] (Either that, or a very persistenc= e > > mimic :};}). One way would be for maintainers to follow a similar > > approach and consistently sign their emails. YMMV. > yes, but I need your public key to verify that you are really YOU. >=20 > Where did you put your public key, I tried some keyservers but couldn't > find you. Many "Robert Collins", but not with rbcollins AT cygwin DOT com . Ah yes, I had not uploaded a recent copy with the appropriate subkeys. I've uploaded a new version, should replicate shortly :}. rbtcollins AT hotmail DOT com is the primary email on the old copy, if you want to grab that. Also, you could try=20 keyserver-options auto-key-retrieve in your gnupg options file, I find it very useful. Cheers, Rob --=-7zE2f9GaB2b69JF4oPCi Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQA9kaHmI5+kQ8LJcoIRAgBxAJ4z2f8Uh7q9hvLK8O8esr3LyU1/NwCfQwT2 2sc47wHM3GqbzscUmzFmntU= =WGbY -----END PGP SIGNATURE----- --=-7zE2f9GaB2b69JF4oPCi--