Comment in cabot/README
Erich Schubert
erich@debian.org
Tue, 5 Aug 2003 16:36:19 +0200
The comment at the end of the README is flawed IMHO.

I don't upload every single signed UID I receive.
When someone signs multiple UIDs I usually receive the signatures in a
batch. Then I have multiple mails in the folder. I certainly will read
them all first, thus import all my signed UIDs, then I will switch to
a terminal and upload my keys (my email client can easily decrypt, and
easily pipe the key to gpg --import, but uploading is something that is
easier to do outside the mail client!). That makes 7 decrypts and 1
upload in the example.

IMHO cabot should require the replies to be *signed*, not only
decrypted. That would increase security (and allow the verification of
sign-only keys.)

It would be nice if cabot would only send the own signatures to the
recipient to keep the mail size low. My key with all its signatures
is > 50k by now...

When writing such code, please do always develop so that a signer may
have multiple keys he uses for signing the UIDs.

Regards,
Erich Schubert
-- 
erich@(mucl.de|debian.org) -- GPG Key ID: 4B3A135C (o_
There was never a good war or a bad peace. - Benjamin Franklin //\
Nothing makes the earth seem so spacious as to have V_/_
friends at a distance. --- Henry David Thoreau