On Mon, 7 Mar 2016, Stephen John Smoogen wrote:
Hope that helps to find such places.
Not really. Everything above is subjective. In the past, when I have
looked for sites that meet such criteria no one agrees that the place
meets such criteria.
We put it in redhat.com and people who hate corporations or that Red
Hat sponsors this project assume that if Red Hat were paid enough
money they would change the data any time.
We put it in archive.org and people wonder how we can tell it isn't
impersonated by some other site or that someone else isn't changing
it.
We put it in lwn.net and people wonder how they will know where to
find it or why we didn't choose reddit/slashdot/etc/etc.
We get google to host it and people wonder all of the above.
Stephen,
please bear in mind that it's not a measure to make everyone happy,
publishing the fingerprint(s) is meant to prevent faking of the key.
And this is much more than providing only self-signed keys without
linking them to first-hand knowledge about their authenticity.
You don't have to come up with a solution that suits everyone, as
long as it is enough to make faking a really hard job for anyone.
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
