Please notice that with the latest OpenPKG 2-STABLE bootstrap packages, there are now distributed and installed three(!) distinct OpenPGP public keys corresponding the our three OpenPKG organizations. The public key of the OpenPKG project is still exactly the same as it is since many years, but it is now accompanied by two additional keys of the OpenPKG GmbH and the OpenPKG Foundation e.V.
The public keys are still automatically injected into the OpenPKG RPM database and this way are immediately available to you for package verification via "openpkg rpm --checksig". Additionally, if you wish to verify the digital signatures on our security advisories, you have to setup GnuPG. A detailed overview of the thee public keys and a short documentation on how GnuPG can be used with our keys you can now find on the rewritten page: http://www.openpkg.org/security/signatures/ We've also finally reanimated our local OpenPGP key server under pgp.openpkg.org which now serves the three keys via the HKP keyserver protocol. PS: You think an own keyserver for just three keys is total overkill? Yes, of course. But our keyserver is based on our OpenPKG "pks" package and this way a complete setup of such a keyserver is just an "openpkg build pks | sh" step away ;-) As a result our documentation becomes more independent as we can use our own dedicated key server... Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com ______________________________________________________________________ The OpenPKG Project www.openpkg.org User Communication List openpkg-users@openpkg.org
