2009/8/10 Julian Edwards <[email protected]>: > The original intention was to have the PPA owner sign the key. Signing with > one master key doesn't really achieve anything other than redirecting the > issue of trust to another machine-owned key (as opposed to human-owned) that > you don't necessarily know about. > > Do you think we need better instructions for PPA owners telling them to sign > the PPA key? Could we show keys that signed it on the PPA page itself?
I've never seen such an instruction, so maybe you do need better instructions - perhaps when setting up the archive you could send mail to the team owners and/or show a message on the archive page. The keyserver does actually have a page that shows signers so you could just link to that. There is some weakness that the keyserver links are not over https. -- Martin <http://launchpad.net/~mbp/> _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
