On Mon, 31 Jan 2011, nicolas vigier wrote: > > In this thread : > https://www.mageia.org/pipermail/mageia-dev/20110128/002363.html > misc proposed that we publish tarballs of our software on the mirrors, > and sign them using a pgp key. So we need a key for that. We also want > to sign ISOs, maybe with a different key. So I think we can do the same > as for packages key, we create new keys for software releases and for > ISOs, and we sign those keys with the board@ key. And we can tell > everybody that all files released by the project are always signed by > a key that was signed by the board@ key.
So we need to decide which keys we need, before fosdem : - for signing packages: [email protected] - for signing software: [email protected] - for signing ISOs : [email protected] Any other key needed ?
