Le vendredi 04 février 2011 à 12:19 +0100, nicolas vigier a écrit : > On Mon, 31 Jan 2011, nicolas vigier wrote: > > > > > In this thread : > > https://www.mageia.org/pipermail/mageia-dev/20110128/002363.html > > misc proposed that we publish tarballs of our software on the mirrors, > > and sign them using a pgp key. So we need a key for that. We also want > > to sign ISOs, maybe with a different key. So I think we can do the same > > as for packages key, we create new keys for software releases and for > > ISOs, and we sign those keys with the board@ key. And we can tell > > everybody that all files released by the project are always signed by > > a key that was signed by the board@ key. > > So we need to decide which keys we need, before fosdem : > - for signing packages: [email protected] > - for signing software: [email protected] > - for signing ISOs : [email protected] > > Any other key needed ?
Seems good to me. -- Michael Scherer
