22 Dec
2008
22 Dec
'08
10:46
On Sun, 21 Dec 2008 19:44:10 +0100, you wrote:
And how do we know that the key in the PGP server is the real one from opensuse.org, and not a fake? There is no "web of trust" that way.
You're right, there isn't.
The IDs should be posted on a non-wiki page, easy to find, and the keys signed with a trusted key.
I think it's a very valid request and you should open a bug report in bugzilla marked 'enhancement request' for this (take me into CC as pth@novell.com if you do). Philipp -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org