ONe question arrises when thinking about it: What does that single person really sign for? I mean: When I upload an update to a package I maintain, does the signing by that "super secret" key have any other meaning than: "Yes it came from choeger who has a valid FAS account"? Really, why do we need that key to have a password? Shouldn't it be suffice to have all FAS keys signed properly and use them to sign packages when they're handed in? Maybe Jesse himself could clarify that a bit.
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
