forrest-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Brondsema <>
Subject Re: PGP keys
Date Thu, 07 Oct 2004 02:26:58 GMT
David Crossley wrote:
> David Crossley wrote:
>>Dave Brondsema wrote:
>>>All we really need is the ascii-armored public key block.  The owner 
>>>email address and signer's email addresses are just for convenience. 
>>>I'd be fine with removing the list of signers since that is a lot to 
>>>scroll past.  We should keep the owners email address though.
>>Okay, we should do that.
>>>Strictly speaking, we don't need the KEYS file at all.  If we create a 
>>>signature file with appended signatures from each of us, then running 
>>>verify will tell the user which keys were used.  If they don't have 
>>>those keys in their keyring they can download them from the keyserver.
>>That sounds a lot smoother. We just need to document that
>>process on our download page and in docs. I suggest that
>>we retain the KEYS file for this release because we are too
>>close to our release date. For the next release we could do
>>as you suggest and follow up on Dirk's suggestion.
> However, i wonder how the web of trust pages are generated.
> Do they rely on the presence of the KEYS file?

Those could be modified to also look for the .asc signatures, I expect. 
  I never knew those existed, thanks for mentioning it.

Dave Brondsema : : programming : student org : personal

View raw message