Denis 'GNUtoo' Carikli: > Hi, > > On Sun, 31 Mar 2019 17:34:00 +0000 > amuza <[email protected]> wrote: > >> Replicant 6 images are not signed by Replicant Release's key, but by >> Wolfgang Wiedmeyer's key. > I don't remember why, but that was probably because it makes it harder > to accidentally leak the key, by not sharing the signature keys among > every Replicant developer making a release. > > The Replicant 6.0 recovery also do check the signatures of the > installation zip, so we also rely on that to be able to simplify the > installation instructions. > > The key will change for the next Replicant releases. > > Denis. >
Hi Denis, thank you for the answer. I think it would be good -if you know each other- to sign your keys, and make a stronger web of trust. At least having Wolfgang's key signed by Replicant Release's key. Cheers!
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Replicant mailing list [email protected] https://lists.osuosl.org/mailman/listinfo/replicant
