:: Re: [Dng] Devuan Keyring
Página Principal
Delete this message
Reply to this message
Autor: Vince Mulhollon
Data:  
Para: dng
Assunto: Re: [Dng] Devuan Keyring
On Fri, Dec 26, 2014 at 2:56 AM, envite <envite@???> wrote:
>
> I've been thinking on how to sign Devuan Packages, and we need a
> Repository Key and a hard set of trusted keys.
>


Those are two separate problems, the repo key verifies the mirrors are
getting a proper feed from master. Thats somewhat useful.

Developer keys in the sense of conceptual continuity are semi-meaningfull
and could be kept.

SIGNED developer keys as in the Debian implementation are meaningless
security theater and should be disposed of.