> I didn't have the masterkey at hand. My solution has been to ask a few > people I know with different ISPs to check out the webpage with it, but > it is hosted by GitHub. > > How, for trust initialization, am I to know 427F 11FD 0FAA 4B08 0123 > F01C DDFA 1A3E 3687 9494 is actually Qubes master key and not GitHub's > MitM signing key?
That's a common problem here you can find the fingerprint: https://github.com/rootkovska/rootkovska.github.io/tree/master/keys https://keys.qubes-os.org/keys/ https://www.youtube.com/watch?v=S0TVw7U3MkE (near the end 46:51) https://hyperelliptic.org/PSC/slides/psc2015_qubesos.pdf (last slide) https://twitter.com/rootkovska/status/496976187491876864 -every site is in https -one is even a video as you can see it's not only on github :) i omitted not https versions and keyservers if someone knows more let me/us know! bye Matteo -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/bcb9f1d5-54d9-ec7c-2329-727407643062%40posteo.net. For more options, visit https://groups.google.com/d/optout.