22 Zář
2014
22 Zář
'14
11:06
mån 2014-09-22 klockan 10:19 +0200 skrev Ondřej Surý:
the APT key is signed by my quite strongly trusted[1]
GPG key:
...
We can get more developers to sign this Archive signing key,
but I think this is stronger assurance than unsigned server
content served by https://.
Anyway there's no problem publishing the fingerprint on the
webpage, so we'll do that anyway.
Thanks.
And yes, I agree that the gpg signature chain offers a potentially much
stronger level of assurance.
// Andreas