[admin] Re: Your common-lisp.net account

Martin Simmons martin at xanalys.com
Thu Jun 10 16:57:44 UTC 2004


>>>>> On Wed, 9 Jun 2004 18:17:56 +0300 (EEST), Nikodemus Siivola <tsiivola at cc.hut.fi> said:

  Nikodemus> On Wed, 9 Jun 2004, Martin Simmons wrote:

  >> Sorry, I'm not sure what I'm supposed to do here.  Is this public key related
  >> to the ~/.ssh/id_dsa.pub file that was generated by ssh-keygen?  I don't have
  >> gpg on the Mac where I ran this.

  Nikodemus> Apologies, I should have been clearer in the original message.

  Nikodemus> We treat developer GPG public keys as an opaque identities: if we need to
  Nikodemus> confirm that the person we're dealing with tomorrow is the same one that
  Nikodemus> originally got the account, or eg. in order to send out a passwords
  Nikodemus> encrypted. After the recent attack we're tightening up our procedures on
  Nikodemus> this front as well.

  Nikodemus> The pubkey.asc is entirely a GPG affair, unrelated to SSH. As long as
  Nikodemus> nothing untowards happens the matter of your GPG public key is not urgent.

  Nikodemus> If/when you have the occasion, installing GPG and uploading the public key
  Nikodemus> to your home directory would be a good insurance. If you have GPG
  Nikodemus> installed on some other computer you can of course export the key from
  Nikodemus> there as well -- the GPG keys are personal, not per computer like SSH
  Nikodemus> keys.

Thanks, I suspected they were different things.  I'll do this soon.

__Martin




More information about the Admin mailing list