> -----Original Message-----
> From: pgadmin-hackers-owner@postgresql.org
> [mailto:pgadmin-hackers-owner@postgresql.org] On Behalf Of
> Troels Arvin
> Sent: 03 December 2004 16:58
> To: pgadmin-hackers@postgresql.org
> Subject: Re: [pgadmin-hackers] New ftp layout
>
> On Fri, 03 Dec 2004 16:21:42 +0000, blacknoz wrote:
>
> > Why don't you /simply/ upload your key to a keyserver?
>
> I should and I will, some day, when I get around to it (my
> older keys were also on keyservers). But I'm not very fond of
> keyservers; there seems to be several, uncoordinated key
> server projects and it's not clear where to go. Also: There
> is no way to revoke a key if you don't haven't prepared for
> revocation. Yes, one _should_ prepare for revocation, but
> that might not be clear to the beginner (like it wasn't clear
> to me when I started using PGP), so the keyservers slowly
> become cluttered with useless public keys (like my first key
> for which I forgot the pass phrase).
Ooh, that sounds *so* familiar - that's why there is an invalid
dpage@pgadmin.org key on keyserver.pgp.com that I can't delete!
> At any rate, in my opinion, people should be able to use RPM
> signature verification of the files distributed by pgadmin
> without having to use key-servers. Thus, it's still relevant
> that downloaders are somehow instructed in how to get the
> needed keys for RPM verification.
My key is on the website. It should probably be linked from the hall of
fame (http://www.pgadmin.org/pgadmin3/hall_of_fame.php) but currently is
only linked from the download page.
<snip>
> To sum up: I believe that signing of RPMs (and other types of
> signing) is of high practical use, and the pgadmin project
> should make use of it.
Agreed. I strongly encourage all our packagers to sign their work.
Regards, Dave.