Hi,

On Thu, Apr 10, 2014 at 01:50:27PM +0200, David Sommerseth wrote:
> Samuli: Maybe our release announcements should be PGP signed, with
> sha256sums of the files we're releasing?  And maybe we should consider
> a possibility to host at least a copy of the PGP signatures of our
> files on an external server too?  (That should *not* be a mirrored
> setup, but somehow distributed outside of a public HTTP{,S})
> 
> <paranoid mode="off"/>

Well, since this is PGP/GPG, we could just use the power of the Web-of-Trust
and have all the active developers sign the release key - that way it
doesn't matter where the key can be found, it has signatures to prove
that "yes, this is the key Gert and David signed".

Now, whether you should trust *me* is a different matter :-)

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de

Attachment: pgpNTajwnAslC.pgp
Description: PGP signature

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
