Hi,
With some keys it may be a little easier than others as if they are from an
apache address there is a higher implicit degree of trust. For example I’ve met
Julian in person in the past and would sign his key online (hint hint).
Justin
Hi,
> Xiangdong: But I wonder even all committers having signed PGP keys, how to
> use that in the release verification stage?
Hope these two links [1][2] helpful.
From my understanding, checking signatures include two steps.
The first step is to verify the connection of the file and the
Hi,
I think virtual keysigning is possible if there is some kind of trust.
I, for example, would feel comfortable enough to sign a key from people I know
via a Websession.
If official documents are prepared and scanned it can be done.
In the end, everybody has to decide which key he wants to