gpg keychain repo?

Fabian Vogt fabian at ritter-vogt.de
Mon Jun 28 20:02:05 BST 2021


Hi,

Am Montag, 28. Juni 2021, 12:28:47 CEST schrieb Harald Sitter:
> Hi
> 
> at akademy we were musing on the possibility of having a keychain
> repo. in part because keyservers are proofing unreliable, in part
> because we believe it may be more annoying to (securely) fetch a key
> from a keyserver than fish it out of a repo.
> 
> so...
> would distros at all be interested in this and be able to easily use
> keys from a git repo we host on invent.kde.org instead of a gpg
> keyserver?

So far my collection of maintainer keys grew also through keys attached to
release announcements. A more central collection of all keys (in addition)
would be useful though, especially with some metainfo.

Though I'm wondering how this approach would work with signatures. Simply
pushing new signatures to the keyserver wouldn't be possible, would this
forego signatures completely or allow them with MRs?

Cheers,
Fabian

> 
> HS
> 






More information about the Distributions mailing list