Re: signing releases

Per Olofsson wrote: Of course, there are all sorts of security issues here involving key distribution and the like, but the point is that it would still be much more secure than the present situation. Establishing a trust-path by getting your key signed would be an improvement, but it is not

Re: signing releases

Hi, Jürgen Spitzmüller wrote: Jean-Marc Lasgouttes wrote: I guess we would need one key for you and one for Jose (we cannot share a LyX key). I have a key. But I guess it is not very authorative (due to missing counter- signs). Well, even if your keys are not signed by anyone, it still

Re: signing releases

Per Olofsson wrote: > Of course, there are all sorts of security issues here involving key > distribution and the like, but the point is that it would still be > much more secure than the present situation. Establishing a trust-path > by getting your key signed would be an improvement, but it is

Re: signing releases

Hi, Jürgen Spitzmüller wrote: > Jean-Marc Lasgouttes wrote: >> I guess we would need one key for you and one for Jose (we cannot share >> a LyX key). > > I have a key. But I guess it is not very authorative (due to missing counter- > signs). Well, even if your keys are not signed by anyone, it

Re: signing releases

Jürgen Spitzmüller juer...@spitzmueller.org writes: Jean-Marc Lasgouttes wrote: Have you thought about GPG-signing the LyX tarballs? As a Debian packager, it would make me feel a bit safer :-) Juergen, I think it would be an excellent idea. What is the correct procedure to do this? It

Re: signing releases

Jean-Marc Lasgouttes wrote: I guess we would need one key for you and one for Jose (we cannot share a LyX key). I have a key. But I guess it is not very authorative (due to missing counter- signs). And on the server, we would just upload the sig-Files matching the tarballs? Jürgen

Re: signing releases

Jürgen Spitzmüller writes: > Jean-Marc Lasgouttes wrote: >> > Have you thought about GPG-signing the LyX tarballs? As a Debian >> > packager, it would make me feel a bit safer :-) >> >> Juergen, I think it would be an excellent idea. > > What is the correct procedure to

Re: signing releases

Jean-Marc Lasgouttes wrote: > I guess we would need one key for you and one for Jose (we cannot share > a LyX key). I have a key. But I guess it is not very authorative (due to missing counter- signs). And on the server, we would just upload the sig-Files matching the tarballs? Jürgen

signing releases

Hi LyX developers, Have you thought about GPG-signing the LyX tarballs? As a Debian packager, it would make me feel a bit safer :-) -- Pelle [please cc me on replies]

Re: signing releases

Have you thought about GPG-signing the LyX tarballs? As a Debian packager, it would make me feel a bit safer :-) Juergen, I think it would be an excellent idea. JMarc

Re: signing releases

Jean-Marc Lasgouttes wrote: Have you thought about GPG-signing the LyX tarballs? As a Debian packager, it would make me feel a bit safer :-) Juergen, I think it would be an excellent idea. What is the correct procedure to do this? Jürgen

signing releases

Hi LyX developers, Have you thought about GPG-signing the LyX tarballs? As a Debian packager, it would make me feel a bit safer :-) -- Pelle [please cc me on replies]

Re: signing releases

Have you thought about GPG-signing the LyX tarballs? As a Debian packager, it would make me feel a bit safer :-) Juergen, I think it would be an excellent idea. JMarc

Re: signing releases

Jean-Marc Lasgouttes wrote: > > Have you thought about GPG-signing the LyX tarballs? As a Debian > > packager, it would make me feel a bit safer :-) > > Juergen, I think it would be an excellent idea. What is the correct procedure to do this? Jürgen