RFC: KDE server/service/location for public gpg keys of tarball signers & Co.
Friedrich W. H. Kossebau
kossebau at kde.org
Thu Aug 1 13:07:23 BST 2019
Hi,
those of you who make use of signed tarballs/binaries/other files on the
consumer side:
Please tell your use-case for accessing and using the public keys of the
signers, and what the options are you would like to see supported on KDE side.
Do so directly on the related task on Phabricator:
https://phabricator.kde.org/T11304
Also curious if the pure keys are fine, or if you would fancy whatever support
for keys signed by others, for some "KDE web of trust", given that the global
SKS system seems without a future, from what I understood.
Myself have not really experience in making use of signatures, but doing
signed tarballs for some KDE projects myself since some time, I would prefer
some sane organized place to put my key, also would prefer to know the signing
overhead makes sense by being relied on by at least some, in a proper way ;)
So: please head over to https://phabricator.kde.org/T11304 and share your
wisdom/needs.
TIA & Cheers
Friedrich
More information about the release-team
mailing list