--- Comment #9 from T. Gries <> ---
(In reply to comment #8)
> This would pretty much require a shared private key by everyone on the
> security@ mailing list, so we should also post disclaimers that it's only for
> encryption, and shouldn't be relied on for signatures.

You can do this (1, 2, 1+2):

1. (recommended)
You can give a longer meaningful and describing name and/or comment, like

"Wikimedia/MediaWiki/Wikipedia Information Security Team - read by several
persons <>"

, and you could enumerate all team members by their name, in the comment field.

2. (optional, but requires all InfoSec team members to create an own key)
You can sign the "community key" by every team member, so that it is clear, who
is member.

try gpg --gen-key to generate a test key, notice the optional comment field!

Sorry: I tried, but I couldn't find the maximum key comment field length.

The uploading to the keyservers is optional, the most important thing is that
you publish the key and the fingerprint on a safe mediawiki site.

You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to