@TrevorBramble RubyGems uses X509 certs to sign, not GPG since GPG doesn't come with ruby
-
-
Replying to @TrevorBramble
@TrevorBramble for signing gems see http://bit.ly/Vob3hV … hoe will sign for you once you've generated the key and cert, as will RubyGems 22 replies 1 retweet 0 likes -
Replying to @drbrain
@drbrain@TrevorBramble how do people know to trust the cert?3 replies 0 retweets 0 likes -
Replying to @tenderlove
@tenderlove@drbrain@TrevorBramble it's the same problem with PGP. How do you know the cert really belongs to the developer?2 replies 0 retweets 0 likes -
Replying to @postmodern_mod3
@postmodern_mod3@drbrain@TrevorBramble ah, so self-signed x509 is just as trustworthy as PGP? Makes sense.2 replies 0 retweets 0 likes -
Replying to @tenderlove
@tenderlove@drbrain@TrevorBramble you need face-to-face verification when signing certs/keys.1 reply 0 retweets 0 likes -
Replying to @postmodern_mod3
@postmodern_mod3@drbrain@TrevorBramble Yes. I heard that PGP’s web of trust concept doesn’t actually work.3 replies 0 retweets 0 likes -
Replying to @tenderlove
@tenderlove@drbrain@TrevorBramble please stop trolling. You must carefully verify other peoples identity/keys before signing them.2 replies 0 retweets 0 likes -
Replying to @postmodern_mod3
@postmodern_mod3@tenderlove@TrevorBramble who ensures every signed key's owner's identify was carefully verified?2 replies 0 retweets 0 likes
@drbrain @postmodern_mod3 @tenderlove @TrevorBramble that's what I'm offering to do, although I think I might be too lazy
-
-
Replying to @bascule
@bascule@drbrain@postmodern_mod3@tenderlove Happy to team up on this.0 replies 0 retweets 0 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.