remote-help-assistant team mailing list archive

[Andrew Sayers <andrew-bugs.launchpad.net@xxxxxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sebastian Spiess wrote:
> Andrew Sayers wrote:
>> Could you try to verify the package again?  I've now uploaded my
>> signature to Ubuntu's key server, so gpg should be able to verify it.
>>
> 
> If I only do the check again and nothing else it gives still the same
> result

Right you are - it seems that you need to download my key manually the
first time, by doing:

	gpg --recv-keys E804FC6E

After that, you should be able to verify that each release of the
assistant was signed by the same person, but you'll be warned that you
don't really know who that person is.  In other words, it lets you
guarantee that assistant version n+1 will be as trustworthy as version n
was, but doesn't give any guarantees about version n.


Unless you object, I'll start signing my e-mails to the list using the
same key, so that there's clear information about the key being used, if
it should be needed in future.

	- Andrew

P.S. I do like the PPA idea, and I plan to jump on it as soon as it's
secure.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFI7g7KGRQTxegE/G4RAnRwAJ9/8Y+QX9Jj7HaZ5WwnTg7xuCyp+ACfQ0IC
HWekol6WTYveb1V/kezLk2g=
=qKgO
-----END PGP SIGNATURE-----