gpg keychain repo?
Norbert Preining
norbert at preining.info
Tue Jun 29 07:55:01 BST 2021
Hi Harald,
> repo. in part because keyservers are proofing unreliable, in part
> because we believe it may be more annoying to (securely) fetch a key
> from a keyserver than fish it out of a repo.
Indeed.
> would distros at all be interested in this and be able to easily use
> keys from a git repo we host on invent.kde.org instead of a gpg
Here at Debian verification of the tarball signatures is integral part,
so having an easy way to pull a key (best actually without signatures,
just a plain key) from a *defined* location that would make things
easier in case of changes of keys.
Thanks
Norbert
--
PREINING Norbert https://www.preining.info
Fujitsu Research + IFMGA Guide + TU Wien + TeX Live + Debian Dev
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
More information about the Distributions
mailing list