[OSDC Israel] PGP Keysigning BOF
Steph Fox
steph at zend.com
Fri Feb 17 01:32:17 PST 2006
>>You would want it not only if you're suffering from paranoia or if
>>you intend on being a terrorist ;-)
>>
>>In my opinion This is important because in this day and age of NSA
>>wire tapping without warrants, identity theft, and so forth,
>>people should be made aware of technologies that allow them to
>>protect their privacy, even if they don't need to actively protect
>>their privacy (yet).
>>
>>This is mostly an awareness/principal issue, but the communal aspect
>>is also important - a good trust network means that others who *do*
>>need the privacy features will benefit from your participation in
>>the key signing festivities.
>>
>>
>>
> You forgot to mention one aspect which is specificly useful for Open
> Source Developers:
>
> If you have your key signed, you can post/upload signed files and
> patches, that people can be sure are from YOU.
> If you participate in a public, decentralized project, this is a crucial
> element - otherwise your codebase would be
> wide open for crackers and assorted troublemakers to insert their
> malicious stuff.
> Many projects have already incorporated gpg signing/verifying into
> their infratructure (e.g. Debian ...)
What, no CVS/SVN?
- Steph
More information about the OSDC-discuss
mailing list