[email protected] wrote (08 Apr 2014 13:21:25 GMT) : > The user might, either before, either after using the Installer, do > stronger verification on the signing key in her own keyring. For example > you might have a personal trust path or a local signature in your > personal keyring.
> Maybe an alternative would be to combine both without modifying the > user's keyring: > 1. Verify first with the signing key from the package > 2. Also try to verify the ISO using the user's keyring > 3. Compare both results and warn the user if they differ OK. At this point, maybe it would be worth creating a ticket. Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
