On 2016-02-29 12:32, Łukasz 'Cyber Killer' Korpalski wrote:
W dniu 29.02.2016 o 11:52, Carlos E. R. pisze:
> On 2016-02-29 10:00, Łukasz 'Cyber Killer' Korpalski wrote:
certified page with all keys used by the project for signing
downloads and builds.
Certified by who?
On an https static page, at least.
At this point I trust the openSUSE Project Signing Key
0x3DBDC284 to be
Sure, but how do you know that you got a correct copy of the key, not
I signed it with my key too, so in the future I'll
be able to
quickly notice if this is the key I trusted today. That is enough of the
web of trust, that I need.
Yes, but before signing it the first time you have to make a jump of
faith that you got the correct one.
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)