On Fri, Dec 26, 2014 at 2:56 AM, envite <env...@rolamasao.org> wrote: > > I've been thinking on how to sign Devuan Packages, and we need a > Repository Key and a hard set of trusted keys. >
Those are two separate problems, the repo key verifies the mirrors are getting a proper feed from master. Thats somewhat useful. Developer keys in the sense of conceptual continuity are semi-meaningfull and could be kept. SIGNED developer keys as in the Debian implementation are meaningless security theater and should be disposed of.
_______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
