On Mon, Aug 10, 2009 at 01:48:53PM +0100, Julian Edwards wrote: > On Monday 10 August 2009 13:35:37 Martin Pool wrote: > > 2009/8/10 Julian Edwards <[email protected]>: > > > The original intention was to have the PPA owner sign the key. Signing > > > with one master key doesn't really achieve anything other than > > > redirecting the issue of trust to another machine-owned key (as opposed > > > to human-owned) that you don't necessarily know about. > > > > > > Do you think we need better instructions for PPA owners telling them to > > > sign the PPA key? Could we show keys that signed it on the PPA page > > > itself? > > > > I've never seen such an instruction, so maybe you do need better > > instructions - perhaps when setting up the archive you could send mail > > to the team owners and/or show a message on the archive page. > > > > The keyserver does actually have a page that shows signers so you > > could just link to that. There is some weakness that the keyserver > > links are not over https. > > I think what we could do is put a nag message shown only to a PPA owner to > encourage them to sign the key, if it's not already been done.
I think the point in this thread is that signing the key doesn't actually achieve much and nagging the owner in that sense.. -- Christian Robottom Reis | [+55 16] 3376 0125 | http://launchpad.net/~kiko | [+55 16] 9112 6430 | http://async.com.br/~kiko _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
