On Fri, 25 Aug 2017 13:54:41 +0200 Anselm R Garbe <garb...@gmail.com> wrote:
Dear Anselm, > Either that, or perhaps we can reinstate the old fashion of > suckless.org/~user/ homedir. I gave it a bit more thought and realized that putting the keys all in one place defeats the purpose of PGP. If the server is compromised, an attacker would just have to additionally replace the keys in the homedirs besides replacing the signed release-tarballs with fraudulent ones that were signed with his "fraudulent" key. With best regards Laslo -- Laslo Hunhold <d...@frign.de>
