RFC: KDE server/service/location for public gpg keys of tarball signers & Co.

Friedrich W. H. Kossebau kossebau at kde.org
Thu Aug 1 13:07:23 BST 2019


Hi,

those of you who make use of signed tarballs/binaries/other files on the 
consumer side:

Please tell your use-case for accessing and using the public keys of the 
signers, and what the options are you would like to see supported on KDE side. 
Do so directly on the related task on Phabricator:
    https://phabricator.kde.org/T11304

Also curious if the pure keys are fine, or if you would fancy whatever support 
for keys signed by others, for some "KDE web of trust", given that the global 
SKS system seems without a future, from what I understood.

Myself have not really experience in making use of signatures, but doing 
signed tarballs for some KDE projects myself since some time, I would prefer 
some sane organized place to put my key, also would prefer to know the signing 
overhead makes sense by being relied on by at least some, in a proper way ;)

So: please head over to https://phabricator.kde.org/T11304 and share your 
wisdom/needs.

TIA & Cheers
Friedrich




More information about the release-team mailing list