On Tue, Feb 23, 2016 at 06:23:13AM -0700, Kevin Fenzi wrote: > On Mon, 22 Feb 2016 19:45:03 +0000 > Gregory Maxwell <gmaxwell@xxxxxxxxx> wrote: > > I don't think there is any utility in pointing people to a keyserver > > here. > > I think it would allow them to check signatures against their web of > trust. Since one needs to load the gpg key into the gpg keyring anyhow, one can just use refresh the key from the keyserver to get the signatures from other keys. Since one cannot trust the direct link to a keyserver, linking to a keyserver actually weakens the security IMHO. Kind regards Till -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
