gpg keychain repo?
Ben Cooksley
bcooksley at kde.org
Tue Jun 29 07:44:17 BST 2021
On Tue, Jun 29, 2021 at 7:02 AM Fabian Vogt <fabian at ritter-vogt.de> wrote:
> Hi,
>
> Am Montag, 28. Juni 2021, 12:28:47 CEST schrieb Harald Sitter:
> > Hi
> >
> > at akademy we were musing on the possibility of having a keychain
> > repo. in part because keyservers are proofing unreliable, in part
> > because we believe it may be more annoying to (securely) fetch a key
> > from a keyserver than fish it out of a repo.
> >
> > so...
> > would distros at all be interested in this and be able to easily use
> > keys from a git repo we host on invent.kde.org instead of a gpg
> > keyserver?
>
> So far my collection of maintainer keys grew also through keys attached to
> release announcements. A more central collection of all keys (in addition)
> would be useful though, especially with some metainfo.
>
> Though I'm wondering how this approach would work with signatures. Simply
> pushing new signatures to the keyserver wouldn't be possible, would this
> forego signatures completely or allow them with MRs?
>
I guess it depends on how important these signatures are - if people place
a high value in them then we could certainly look at ways of accommodating
them in the keychain.
All keys would be submitted to this keychain using merge requests.
>
> Cheers,
> Fabian
>
Cheers,
Ben
> >
> > HS
> >
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/distributions/attachments/20210629/490af059/attachment.htm>
More information about the Distributions
mailing list