On Wed, 2021-02-24 at 15:23 +0000, g4sra via Dng wrote:
> I don't like the way SSL Certs are managed....so that only leaves
> gpg.
>
> Recently had an issue with gpg which disturbed some grey cells and
> disrupted their slumber.
>
> I don't get out much (lockdown understatement) so my current 'web of
> trust' is zero and unlikely to expand anytime soon using the
> conventional method of exchanging keys down the pub. I am also aware
> that 'thinking' can be a dangerous pastime.....
>
> Is there any mileage or interest in a Devuan web of trust where we
> can exchange keys ?
>
> I would be interested to hear from the more security knowledgeable
> members on the list as to whether this is even feasible.
>
> Knowing that something had been signed by the Devuan Community would
> earn more trust from me than anything signed by Red Hat, IBM,
> Google..ad infinitum.


I think it's a great idea. I believe I've seen some users attach their
public key as part of their email signature on this list. I've thought
also about linking to a 'personal home page' that has my public key on
it but I'm not to that point yet.

Is it as simple as inviting anyone that wants to, to send their public
key to this list? I'm not experienced in web of trust common/accepted
practices but have been interested for some time.


Gabe