gpg keychain repo?

Norbert Preining norbert at preining.info
Tue Jun 29 07:55:01 BST 2021


Hi Harald,

> repo. in part because keyservers are proofing unreliable, in part
> because we believe it may be more annoying to (securely) fetch a key
> from a keyserver than fish it out of a repo.

Indeed.

> would distros at all be interested in this and be able to easily use
> keys from a git repo we host on invent.kde.org instead of a gpg

Here at Debian verification of the tarball signatures is integral part,
so having an easy way to pull a key (best actually without signatures,
just a plain key) from a *defined* location that would make things
easier in case of changes of keys.

Thanks

Norbert

--
PREINING Norbert                              https://www.preining.info
Fujitsu Research  +  IFMGA Guide  +  TU Wien  +  TeX Live  + Debian Dev
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13


More information about the Distributions mailing list