Re: More prominent link to verification hashes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 23 Feb 2016, Till Maas wrote:

I used my access to the signing server to verify the key before signing
it. But why is confirming the fingerprint here a step forward? Why would
someone search in this mailing list for the fingerprint of the gpg key?

FWIW, the signing server just gave me a public key with this fingerprint
when I asked for the Fedora 24 signing key:
pub  4096R/81B46521 2015-07-25 Fedora (24) <fedora-24-primary@xxxxxxxxxxxxxxxxx>
     Key fingerprint = 5048 BDBB A5E7 76E5 47B0  9CCC 73BD E983 81B4 6521

This is the important part, you state that you have access to the server that uses the private key for 4096R/81B46521. You may have first-hand knowledge how the persons using this key protect this private key and you
have even knowledge of these person's trustworthiness and professionalism.

That and only that constitutes the value of your signature as opposed to mine if I had signed the key.
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux