zlacker

[parent] [thread] 2 comments
1. Dylan1+(OP)[view] [source] 2018-07-29 10:04:27
Verify it against what?
replies(1): >>dredmo+U
2. dredmo+U[view] [source] 2018-07-29 10:26:47
>>Dylan1+(OP)
See what keys have signed a given key. See Debian maintainer keys as an example.

This is ... not everything that it could be, and is approaching 30 years old, technology built for a vastly different world.

But this is the basis of the GPG / PGP Web of Trust.

https://en.wikipedia.org/wiki/Web_of_trust

http://www.pgpi.org/doc/pgpintro/

http://www.rubin.ch/pgp/weboftrust.en.html

(I've addressed this point ... a distressing number of times on HN: https://hn.algolia.com/?query=dredmorbius%20web%20of%20trust... 0

replies(1): >>dcbada+p4
◧◩
3. dcbada+p4[view] [source] [discussion] 2018-07-29 11:35:08
>>dredmo+U
Have you contacted maintainers if they're willing to do this? Is there a way to configure apt to verify chain of trust?
[go to top]