Re: [Evolution] GPG Auto download pub keys



On Sat, 09 May 2015 17:36:17 +0100, Pete Biggs wrote:
I totally understand what you are saying.

And I absolutely agree with your argument. However, a web of trust has
got it's weak points too.

I "automatically" trust the key package of the distro I'm using, when
there's a release of new keys for signing packages, because the chain of
trusted keys at least is halfway comprehensible. But automatically
accepting each key needed to check the signature of an email is risky.
A user should care about the keys and be aware about the accepted
keys. A mouse click isn't much work.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]