ATT: svn.kde.org has been updated
Martijn Klingens
klingens at kde.org
Mon Apr 11 20:53:25 BST 2005
On Monday 11 April 2005 02:09, Thiago Macieira wrote:
> It would, but the key is valid only for a month. We'll need a new key
> starting May 11th, so we'll keep having to update.
>
> Shouldn't we create a key that is valid for a year at least?
Once SVN is settled for real I suggest we take a real certificate signed by a
trusted 3rd party. Verisign is at the expensive side, but there are plenty of
others that are quite affordable, and it 1. gives a lot more professional
look and 2. can also be verified by people who don't have Ingo's GPG key in
their signed keyring.
As a sidenote, putting the website with the fingerprint for SVN in SVN doesn't
seem like the best idea to me -- anyone who can break into the svn server can
also easily update the website to reflect a new fingerprint. Perhaps it's an
idea to put an entire inline-signed message block there, so people can
copy-paste it through GPG to verify. With a proper 3rd party certificate
that's less of an issue though.
--
Martijn
More information about the kde-core-devel
mailing list