On Thu, 10 May 2012, Tony van der Hoff wrote:
> I've learned a lot about GPG signing during the last few days. I can see
> there are benefits where the recipient needs to be absolutely certain
> that the sender is known to him.

Yes. Or that the sender belongs to a certain group, for which an
authoritative keyring is maintained.

> That is certainly not the way mailing lists work, so causing a block of
> some 400 characters to be sent to each and every subscriber is pure
> self-indulgence, on the scale of insisting on sending HTML-formatted
> mail. On balance, I think I prefer the latter.
>
> I have come to the conclusion that a GPG signature in these
> circumstances says more about the sender's sense of self-importance than
> anything else.

Not always. Debian has a few mailing-lists where only signed mail by a
Debian Developer is accepted (the -announce ones). Also, some information
is considered critical enough that it is always sent signed. And yes,
people DO make a fuss if the signature doesn't verify :)

I've seen lots of PGP/MIME and S/MIME signed mails on MLs over the years,
and any MUA worth using will do something smart with it (such as hide the
mess and not bother the user if he is not validating signatures).

Incorrectly-formatted PGP/MIME, as well as inline signatures, are far more
cumbersome on most MUAs, so they're far more likely to cause huge threads
when used in an indiscriminate way.

--
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120510212929.gb21...@khazad-dum.debian.net