Le 09/11/2025 à 22:31, Simon Josefsson a écrit :
Yadd <[email protected]> writes:
SSH signatures are more of a gimmick than a true electronic signature;
I don't see the point of putting them on the same level as a GPG
signature in uscan.
What do you mean by gimmick? SSH signature support seems to be on-par
with PGP in plenty of eco-systems including github, gitlab etc.
/Simon
No trust system or public database, no expiration date, no revocation
system, same key used for auth and sig which is a by-design
vulnerability,...
