[Replicant] The web of trust

Denis 'GNUtoo' Carikli GNUtoo at cyberdimension.org
Sun Mar 31 21:04:46 UTC 2019


Hi,

On Sun, 31 Mar 2019 17:34:00 +0000
amuza <amuza at riseup.net> wrote:

> Replicant 6 images are not signed by Replicant Release's key, but by
> Wolfgang Wiedmeyer's key.
I don't remember why, but that was probably because it makes it harder
to accidentally leak the key, by not sharing the signature keys among
every Replicant developer making a release.

The Replicant 6.0 recovery also do check the signatures of the
installation zip, so we also rely on that to be able to simplify the
installation instructions.

The key will change for the next Replicant releases.

Denis.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20190331/2db18dde/attachment.asc>


More information about the Replicant mailing list