Brandon Invergo <[email protected]> skribis: > On Mon, 2015-10-12 at 09:37 +0100, Brandon Invergo wrote: > >> I could swear that previously a keyring of the GNU maintainers was >> made available by the FSF somewhere but I cannot find it. > > http://ftp.gnu.org/gnu/gnu-keyring.gpg
The main issue is that this file is not signed (that would have to be done by the person responsible for FTP uploads, presumably an FSF employee.) A second issue, as Mark wrote, is that it is coarse-grain: it does not tell exactly which package a given key corresponds to. However, this package → keys mapping necessarily exists somewhere. I think we should ask the FSF to publish it and provide a way to authenticate it. WDYT? Ludo’.
