> There is a simple way to do this..., why not make a > "contributers-keys-0.1.noarch.rpm" package that people can install that > contains all the keys used by the contributers? > > This particular package should be signed by a MandrakeSoft employee and a > valid key. Maybe that package should be maintained by for example vdanen or > florin only?
This is a good idea. But I think a real web of trust should be set up. Not for today, but, for the future, when more and more developpers will have access to contribs. This would help to ensure of the identity of the contributers. -- Mickaël Scherer
