Marc Haber <[email protected]> writes: > There is some place where we need to stop, or should we mirror the > original author's pgp key as well?
We most definitely should (and in many cases we already store these in source packages)! Considering the state of the GPG keyserver infra sometimes upstream public keys are already surprisingly difficult to find, and this will only get worse as time goes on. -- Arto Jantunen
