[aur-general] Spammer Accounts

Ralf Mardorf ralf.mardorf at alice-dsl.net
Mon Jun 24 08:55:29 UTC 2019


On Mon, 24 Jun 2019 08:27:58 +0200, Ralf Mardorf wrote:
>On Mon, 24 Jun 2019 11:25:04 +0530, Ram Kumar via aur-general wrote:
>>the signature which is attached here with, is a public key of yours
>>and can be used to encrypt the messages which are to be sent to you,
>>and you can decrypt it using ur private key.
>>
>>Am i understood correctly?  
>
>The purpose of signing messages, which is usually frowned upon on
>almost all mailing lists, ensures that the content of a mail can't be
>changed without getting attantion and to ensure that the sender _is_
>really the sender and not just somebody who pretends to be the sender.
>This works even while those mails are _not_ encrypted. You need to
>import the public key, to verify the signed email and you need to
>maintain a web of trust, to verify the imported key first.

PS:

My apologies, I forgot to point out, no, you are mistaken.

Actually it is possible to attach the public key to an email, too, but
you are referring to the signing. It's the "code" to verify the signed
email, not the public key. You still need to get the key from
somewhere. Usually it was uploaded to a keyserver from where you could
download it and then you need to import the key.


More information about the aur-general mailing list