> I didn't have the masterkey at hand. My solution has been to ask a few
> people I know with different ISPs to check out the webpage with it, but
> it is hosted by GitHub.
> 
> How, for trust initialization, am I to know 427F 11FD 0FAA 4B08 0123
> F01C DDFA 1A3E 3687 9494 is actually Qubes master key and not GitHub's
> MitM signing key?

That's a common problem

here you can find the fingerprint:
https://github.com/rootkovska/rootkovska.github.io/tree/master/keys
https://keys.qubes-os.org/keys/
https://www.youtube.com/watch?v=S0TVw7U3MkE (near the end 46:51)
https://hyperelliptic.org/PSC/slides/psc2015_qubesos.pdf (last slide)
https://twitter.com/rootkovska/status/496976187491876864

-every site is in https
-one is even a video

as you can see it's not only on github :)
i omitted not https versions and keyservers
if someone knows more let me/us know!

bye
Matteo

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-devel+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-devel@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-devel/bcb9f1d5-54d9-ec7c-2329-727407643062%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Reply via email to