On 15/02/2022 23:37, Dan Mahoney wrote:
That's a decision I leave up to the people who *make* the key (and the software that it's signing).
Sorry, from your previous message it sounded like you were publishing your own software.
(and it's no longer the case that you can publish just anyone's key)
This is not true, you can still publish any key you want. In the specific case that you publish to keys.openpgp.org it will not be searchable by userid until the key owner verifies it, but your use case only requires lookup by fingerprint, so that doesn't arise.
Right now, the decision is that our key (signed with our prior-year key) is on our website and FTP (also via https) site, and we do not assert that it's available on the keyservers.
OK, but again I'm curious about the reasoning... -- Andrew Gallagher
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
