zlacker

[parent] [thread] 1 comments
1. dredmo+(OP)[view] [source] 2018-07-29 10:26:47
See what keys have signed a given key. See Debian maintainer keys as an example.

This is ... not everything that it could be, and is approaching 30 years old, technology built for a vastly different world.

But this is the basis of the GPG / PGP Web of Trust.

https://en.wikipedia.org/wiki/Web_of_trust

http://www.pgpi.org/doc/pgpintro/

http://www.rubin.ch/pgp/weboftrust.en.html

(I've addressed this point ... a distressing number of times on HN: https://hn.algolia.com/?query=dredmorbius%20web%20of%20trust... 0

replies(1): >>dcbada+v3
2. dcbada+v3[view] [source] 2018-07-29 11:35:08
>>dredmo+(OP)
Have you contacted maintainers if they're willing to do this? Is there a way to configure apt to verify chain of trust?
[go to top]