#296: Provide a way to verify the pgp keys (web of trust)
--------------------------+-----------------------
Reporter: genodeftest | Owner: webmaster
Type: defect | Status: new
Priority: major | Milestone:
Component: General | Keywords:
Blocked By: | Blocking:
--------------------------+-----------------------
The pgp keys on https://getfedora.org/verify
~~~
8E1431D5 - Fedora 22
A29CB19C - Fedora 22 secondary arches (aarch64, PPC64, PPC64le, s390
and s390x)
95A43F54 - Fedora 21
A0A7BADB - Fedora 21 secondary arches (aarch64, PPC64, PPC64le, s390
and s390x)
246110C1 - Fedora 20
EFE550F5 - Fedora 20 secondary arches (ARM, PPC64, s390)
FB4B18E6 - Fedora 19
BA094068 - Fedora 19 secondary arches (ARM, PPC64, s390)
~~~
are not online on any known key server. There is currently no way to check
their validity (no way to retrieve signatures). I don't even know who
generated them. As of now it is just as there were no pgp signatures at
all.
Ideally the keys were online e.g. on the sks keyservers pool [1] and
signed by people I can build a trust path via web of trust.
[1] https://sks-keyservers.net/
--
Ticket URL: <https://fedorahosted.org/fedora-websites/ticket/296>
fedora-websites <https://fedoraproject.org/wiki/Websites>
Fedora Website Team's Trac instance
--
websites mailing list
websites@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/websites
