Configuration of mercurial serving

gillou.ray at free.fr gillou.ray at free.fr
Sun Jun 3 20:47:35 EDT 2012


On Sun, 03 Jun 2012 11:44:47 -0400
John Bailey <rekkanoryo at rekkanoryo.org> wrote:

> Please send me your ssh public keys off-list.  Either pidgin.im XMPP
> or this e-mail address work for me.  If you use e-mail and have a PGP
> key, please either sign or encrypt the message (encryption would be
> preferred).

There is no point in encrypting such a thing because it’s not secret at
all. However, it should be signed to ensure its authenticity, so that
you know that you’re not going to give the access to some random people
who sent you a spoofed mail (which may be encrypted, or not). Or to
some people who would have modified one’s mail one its way, replacing
the legitimate SSH key with its own (I agree it’s very unlikely but
well, it’s possible).

Because of this, you should discard any unsigned mails containing SSH
public keys you received so far.

Apart from that, thank you for all your work on this transition to
Mercurial! :-)

		— gillux
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://pidgin.im/pipermail/devel/attachments/20120604/73c3aa25/attachment.sig>


More information about the Devel mailing list