:: Re: [Dng] Devuan Keyring
Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Vince Mulhollon
Fecha:  
A: dng
Asunto: Re: [Dng] Devuan Keyring
On Fri, Dec 26, 2014 at 2:56 AM, envite <envite@???> wrote:
>
> I've been thinking on how to sign Devuan Packages, and we need a
> Repository Key and a hard set of trusted keys.
>


Those are two separate problems, the repo key verifies the mirrors are
getting a proper feed from master. Thats somewhat useful.

Developer keys in the sense of conceptual continuity are semi-meaningfull
and could be kept.

SIGNED developer keys as in the Debian implementation are meaningless
security theater and should be disposed of.