Hello,
I think the buildservice@opensuse.org key (0x6B9D6523) can be regarded as a very important key. Thus, I wonder why it is not signed by the SUSE security team?
It is signed by Marcus Meissner, which is fine, but shouldn't such an important key be signed as well by the security team or at least by the openSUSE project signing key?
IMHO that would grant a stronger chain of trust for that key.....
Hello,
I like the idea.
@Richard, what do you think?
On 18.09.17 15:12, linux maillist wrote:
> Hello,
> I think the buildservice@opensuse.org key (0x6B9D6523) can be regarded as a very important key. Thus, I wonder why it is not signed by the SUSE security team?
> It is signed by Marcus Meissner, which is fine, but shouldn't such an important key be signed as well by the security team or at least by the openSUSE project signing key?
> IMHO that would grant a stronger chain of trust for that key.....
Best regards, Thomas
Hi,
On Thu, Sep 21, 2017 at 05:55:15PM +0200, Thomas Biege wrote:
> Hello,
> I like the idea.
> @Richard, what do you think?
> On 18.09.17 15:12, linux maillist wrote:
> > Hello,
> > I think the buildservice@opensuse.org key (0x6B9D6523) can be regarded as a very important key. Thus, I wonder why it is not signed by the SUSE security team?
> > It is signed by Marcus Meissner, which is fine, but shouldn't such an important key be signed as well by the security team or at least by the openSUSE project signing key?
> > IMHO that would grant a stronger chain of trust for that key.....
I am regularly partaking in FOSDEM and other keysignings if you want to have close verification of my key and government issued ID.
I have now also signed the 0x6B9D6523 key with the security@suse.com key, as I am a member of the security team.
Ciao, Marcus
On 28.09.2017 at 22:11, Marcus Meissner wrote:
> (....) I am regularly partaking in FOSDEM and other keysignings if you want to have close verification of my key and government issued ID.
Oh, you have such a new German ID card with online signature stuff enabled? You can go to https://pgp.governikus-eid.de/pgp/ and use your ID card to get your PGP key(s) signed. Though, you need a Windows machine / VirtualBox to use your ID card......
> I have now also signed the 0x6B9D6523 key with the security@suse.com key, as I am a member of the security team.
Why does the security team have two keys? Is 0x317CD502 the successor to 0x3D25D3D9? Why did 0x3D25D3D9 need a successor?
thanx Malte
Hi Malte,
On Wed, Oct 04, 2017 at 02:33:45AM +0200, Malte Gell wrote:
> Why does the security team have two keys?
We use only 0x317CD502; 0x3D25D3D9 is revoked.
> Is 0x317CD502 the successor to 0x3D25D3D9?
Yes.
> Why did 0x3D25D3D9 need a successor?
We wanted to increase the key size.
Johannes