> The Fedora team could get a profile and verify the key(s) through > github, the Fedora and Red Hat web sites, the Fedora magazine twitter > account, and by having the Fedora team all sign publicly. Every little helps. The important step would be if the Fedora devs state the fingerprints in a visible way that risks their good reputation if the information turned out to be incorrect. These statements would then be the foundation of trust in what the Fedora 24 key signs. > Combined with having the key on getfedora.org, it at least provides a > measure of protection against our site being compromised. It also has > the benefit of, if someone knows of any Fedora devs on Twitter or > another service, they can follow the web of social-service trust. This > isn't as good as if they had a direct path to the Fedora WoT through > normal signatures, but it's much more likely to actually occur. Yes all of this, please. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
