[Replicant] The web of trust
amuza
amuza at riseup.net
Mon Apr 1 01:07:00 UTC 2019
Denis 'GNUtoo' Carikli:
> Hi,
>
> On Sun, 31 Mar 2019 17:34:00 +0000
> amuza <amuza at riseup.net> wrote:
>
>> Replicant 6 images are not signed by Replicant Release's key, but by
>> Wolfgang Wiedmeyer's key.
> I don't remember why, but that was probably because it makes it harder
> to accidentally leak the key, by not sharing the signature keys among
> every Replicant developer making a release.
>
> The Replicant 6.0 recovery also do check the signatures of the
> installation zip, so we also rely on that to be able to simplify the
> installation instructions.
>
> The key will change for the next Replicant releases.
>
> Denis.
>
Hi Denis, thank you for the answer.
I think it would be good -if you know each other- to sign your keys, and
make a stronger web of trust. At least having Wolfgang's key signed by
Replicant Release's key.
Cheers!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20190401/689e80ae/attachment.asc>
More information about the Replicant
mailing list