[newmaint-site] Matching emails of same contributor ala carnivore - Was: Re: contributors.debian.org milestones

Enrico Zini enrico at enricozini.org
Sat Dec 14 13:03:32 UTC 2013


On Sat, Dec 14, 2013 at 12:11:06PM +0100, Olivier Berger wrote:

> Reading "OpenPGP Key IDs are not useful"
> (http://debian-administration.org/users/dkg/weblog/105 , pointed to by
> zack this morning), I tend to think that we may need to instead use
> fingerprints to avoid collisions.
> What's your feeling?

Totally agreed. Identifier (in the contributors models) has always been
thought to include fingerprints only, where GPG identifiers are
concerned.

carnivore/keyringanalyzer.py uses key IDs because in the original code
it used that way to correlate 'pub' entries to their 'uid' and 'fpr'
entries. If there can be some other way (like if gpg gives guarantees of
always showing material from the same key grouped together), I'd gladly
ignore key IDs completely. I agree with dkg: they're just potential
vectors of attack.

Ciao,

Enrico

-- 
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico at enricozini.org>
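
An added example (not carnivore's code and not part of the original message) of the grouping discussed above: it correlates records purely by their position in a `gpg --with-colons` listing and keys the result on the primary fingerprint, never on the key ID. It assumes each `pub` record opens a key block and that the primary key's `fpr` record follows it before any `sub` record; the sample listing, names and fingerprints are constructed.

```python
import re

# Constructed test data (not real keys): two primary keys whose short key IDs
# (last 8 hex digits of the fingerprint) are both DEADBEEF, plus one subkey.
FPR_A = "A" * 24 + "00000000DEADBEEF"
FPR_B = "B" * 24 + "11111111DEADBEEF"
FPR_SUB = "C" * 40
SAMPLE = "\n".join([
    "pub:-:4096:1:%s:1386000000:::-:::scESC:" % FPR_A[-16:],
    "fpr:::::::::%s:" % FPR_A,
    r"uid:-::::1386000000::::Alice Example (work\x3a infra) <alice@example.org>:",
    "sub:-:4096:1:%s:1386000000::::::e:" % FPR_SUB[-16:],
    "fpr:::::::::%s:" % FPR_SUB,
    "pub:-:4096:1:%s:1386000000:::-:::scESC:" % FPR_B[-16:],
    "fpr:::::::::%s:" % FPR_B,
    "uid:-::::1386000000::::Alice Example <alice@example.org>:",
])

def unescape(field):
    """Undo the C-style \\xNN quoting used in colon listings (e.g. \\x3a)."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), field)

def parse_keyring(listing):
    """Return {primary fingerprint: [user IDs]}, grouping records by position."""
    keys = {}
    uids = None        # uid list of the key block being read
    need_fpr = False   # True until the primary key's fpr record is seen
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            uids, need_fpr = [], True
        elif f[0] == "sub":
            need_fpr = False           # later fpr records describe subkeys
        elif f[0] == "fpr" and need_fpr:
            keys[f[9].upper()] = uids  # the key ID in field 5 is never consulted
            need_fpr = False
        elif f[0] == "uid" and uids is not None:
            uids.append(unescape(f[9]))
    return keys

def short_id_collisions(keys):
    """Return {short key ID: [fingerprints]} for IDs shared by several keys."""
    by_short = {}
    for fpr in keys:
        by_short.setdefault(fpr[-8:], []).append(fpr)
    return {kid: fprs for kid, fprs in by_short.items() if len(fprs) > 1}

if __name__ == "__main__":
    keyring = parse_keyring(SAMPLE)
    print(keyring, short_id_collisions(keyring))
```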