On Monday 10 August 2009 06:13:23 Martin Pool wrote: > https://bugs.edge.launchpad.net/soyuz/+bug/410745 > > This seems to have come up a few times - users are surprised/confused > that the PPA key looks very generic and that it's not signed by the > developers. > > I'm not sure precisely what we should be doing. Maybe they should all > be signed by a master key? Maybe Launchpad should recommend that > projects sign it with some other key?
The original intention was to have the PPA owner sign the key. Signing with one master key doesn't really achieve anything other than redirecting the issue of trust to another machine-owned key (as opposed to human-owned) that you don't necessarily know about. Do you think we need better instructions for PPA owners telling them to sign the PPA key? Could we show keys that signed it on the PPA page itself? Cheers. _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
