Hi, shirish शिरीष wrote: > Is there any other compelling reason for non-technical, contributors > having no upload rights to use WoT , apart from being part of an > awesome developer's key ?
In the reverse direction: meeting developers who are in the WoT and receiving their key fingerprint in person, allows you to verify GPG signatures on software releases or install media. You can't really be sure anything is legitimate until you have verified one or more developers' fingerprints with a trust path to the archive or release-signing key. For this reason it is good to have cross-signatures between developers in isolate regions, especially if one's access to software or the Internet is subject to censorship or deliberate tampering. Regards, -- Steven Chamberlain [email protected]
signature.asc
Description: Digital signature
_______________________________________________ Debconf-discuss mailing list [email protected] http://lists.debconf.org/mailman/listinfo/debconf-discuss
