On Mon, Mar 7, 2016 at 8:27 AM, Stephen John Smoogen <smooge@xxxxxxxxx> wrote: > On 7 March 2016 at 01:32, Ralf Senderek <fedora@xxxxxxxxxxx> wrote: >>> What would be proper other places to confirm the fingerprint? >> >> The following criteria might be reasonable: >> - a place that has authority, that people might trust. >> - a place that is hard to impersonate, that has some protection >> against unauthorized use >> - a place that is visible to many people with a need to verify. >> - a place that is known for publishing cross-checked, reliable information >> >> Hope that helps to find such places. > > Not really. Everything above is subjective. In the past, when I have > looked for sites that meet such criteria no one agrees that the place > meets such criteria. > > We put it in redhat.com and people who hate corporations or that Red > Hat sponsors this project assume that if Red Hat were paid enough > money they would change the data any time. > > We put it in archive.org and people wonder how we can tell it isn't > impersonated by some other site or that someone else isn't changing > it. > > We put it in lwn.net and people wonder how they will know where to > find it or why we didn't choose reddit/slashdot/etc/etc. > > We get google to host it and people wonder all of the above. Get them all to host it. That oughta bypass any tomfoolery. -- Chris Murphy -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
