On 7 March 2016 at 01:32, Ralf Senderek <fedora@xxxxxxxxxxx> wrote: >> What would be proper other places to confirm the fingerprint? > > The following criteria might be reasonable: > - a place that has authority, that people might trust. > - a place that is hard to impersonate, that has some protection > against unauthorized use > - a place that is visible to many people with a need to verify. > - a place that is known for publishing cross-checked, reliable information > > Hope that helps to find such places. Not really. Everything above is subjective. In the past, when I have looked for sites that meet such criteria no one agrees that the place meets such criteria. We put it in redhat.com and people who hate corporations or that Red Hat sponsors this project assume that if Red Hat were paid enough money they would change the data any time. We put it in archive.org and people wonder how we can tell it isn't impersonated by some other site or that someone else isn't changing it. We put it in lwn.net and people wonder how they will know where to find it or why we didn't choose reddit/slashdot/etc/etc. We get google to host it and people wonder all of the above. -- Stephen J Smoogen. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
