On Fri, Dec 26, 2014 at 2:56 AM, envite <envite@???> wrote: >
> I've been thinking on how to sign Devuan Packages, and we need a
> Repository Key and a hard set of trusted keys.
>
Those are two separate problems, the repo key verifies the mirrors are
getting a proper feed from master. Thats somewhat useful.
Developer keys in the sense of conceptual continuity are semi-meaningfull
and could be kept.
SIGNED developer keys as in the Debian implementation are meaningless
security theater and should be disposed of.