Hi LyX developers,
Have you thought about GPG-signing the LyX tarballs? As a Debian
packager, it would make me feel a bit safer :-)
--
Pelle
[please cc me on replies]
Have you thought about GPG-signing the LyX tarballs? As a Debian
packager, it would make me feel a bit safer :-)
Juergen, I think it would be an excellent idea.
JMarc
Jean-Marc Lasgouttes wrote:
> > Have you thought about GPG-signing the LyX tarballs? As a Debian
> > packager, it would make me feel a bit safer :-)
>
> Juergen, I think it would be an excellent idea.
What is the correct procedure to do this?
Jürgen
Jürgen Spitzmüller writes:
> Jean-Marc Lasgouttes wrote:
>> > Have you thought about GPG-signing the LyX tarballs? As a Debian
>> > packager, it would make me feel a bit safer :-)
>>
>> Juergen, I think it would be an excellent idea.
>
> What is the correct procedure to do this?
It seems that the
Jean-Marc Lasgouttes wrote:
> I guess we would need one key for you and one for Jose (we cannot share
> a LyX key).
I have a key. But I guess it is not very authorative (due to missing counter-
signs).
And on the server, we would just upload the sig-Files matching the tarballs?
Jürgen
Per Olofsson wrote:
> Of course, there are all sorts of security issues here involving key
> distribution and the like, but the point is that it would still be
> much more secure than the present situation. Establishing a trust-path
> by getting your key signed would be an improvement, but it is no
Hi,
Jürgen Spitzmüller wrote:
> Jean-Marc Lasgouttes wrote:
>> I guess we would need one key for you and one for Jose (we cannot share
>> a LyX key).
>
> I have a key. But I guess it is not very authorative (due to missing counter-
> signs).
Well, even if your keys are not signed by anyone, it s
