On Mon, Feb 22, 2016 at 7:42 PM, Kevin Fenzi <ke...@scrye.com> wrote: > My point was that you can get the signatures off the key from the > keyserver and see if any of them are someone you trust. If not, are > they connected to someone you trust (hey, look, web of trust). I think > expanding the web of trust on the signatories of the keys would help > more than just trying to distribute the key fingerprint "lots of > places".
They key itself should come with signatures. That it doesn't is weird and inconvenient. If it came with a single signature by a long lived key used for the purpose of authenticating keys, it would go a log way. -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
