You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jun 24, 2022. It is now read-only.
I think this might carry a risk of us becoming a pseudo CA though
This is my concern, especially because we will now be tasked with keeping it up to date with changes as well. If a project utilizes PGP they should also have a mechanism to securely transmit that key to the user on their own, IMO.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Description
A bit like https://github.com/privacytoolsIO/privacytools.io/issues/1622, we have multiple recommendations who are using PGP in code/software signing, sign emails they send or support PGP encrypted emails. https://github.com/privacytoolsIO/privacytools.io/issues/1703 would bring more of them, so I wonder if we should have a list of the PGP fingerprints (with a big warning to not solely trust us and do your own research)?
I think this might carry a risk of us becoming a pseudo CA though, while git makes all changes transparent (at least for those who look).
As with #1622, I have a personal "project" doing similar except that I am not bothering with proofs there. README
The text was updated successfully, but these errors were encountered: