Unless the user understands the limitations of DKIM, they won't understand what they are accepting.
DKIM is substantially less strong cryptographically than gpg, so don't draw the equivalence too strongly. For most purposes, you're probably close enough. If there were a way to affect the contents of the archive or a PPA, then I'd still definitely insist on gpg.
Unless the user understands the limitations of DKIM, they won't understand what they are accepting.
DKIM is substantially less strong cryptographically than gpg, so don't draw the equivalence too strongly. For most purposes, you're probably close enough. If there were a way to affect the contents of the archive or a PPA, then I'd still definitely insist on gpg.
Scott K