On Mar 22, 2020, Florian Zieboll wrote: > -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> On Sun, 22 Mar 2020 08:02:51 -0400
> Dan Purgert <dan@???> wrote:
> > On Mar 21, 2020, Adrian Zaugg wrote:
> > > Please get your keys always over secured connections. Use https.
> > The entire point of the public key is that it can be obtained over any
> > insecure medium, and still provide the correct signature verification.
> Hallo Dan,
> please re-check what you wrote here - I am sure that you have been
> confused. Let me correct your statement:
Your trust in my key (and therefore, my signature) should not be founded
on _where_ you got it from, but your own personal web of trust made up
of (hopefully!) people you know and trust to do their due diligence for
confirming I am me. (Or in the specific case of the devuan signing key,
that the devuan key is actually owned by the team).