Hi devs@, Seems like for some reason the gentoo.org does not publish the gpg public keys of the senders, even though it is signed correctly.
Just wanted to know why the devs are required to use gpg keys, glep63 [1] but even when the server has the public keys, they aren't published properly. >From a proper security perspective, I would have though something like WKD[2] would have been implemented on the server side for automated authentication. Maybe I am missing something about how to verify the keys of the maintainers who are sending announcements but it irks me a teensy bit when i have signed mails and I can't ~~trust~~ verify the signatures. This is tots an aside from normal gentoo stuff. Hope ya'll are safe, Aisha [1] https://wiki.gentoo.org/wiki/Project:Infrastructure/Generating_GLEP_63_based_OpenPGP_keys [2] https://wiki.gnupg.org/WKD
