Ok, so I'm trying to figure out what good uploading a GPG key into the accounts system is. Here's how I see it: 1. The only thing it's used for is potentially signing the CLA. I say potentially because both http://www.fedoraproject.org/wiki/Infrastructure/AccountSystem/RequestCLA and http://www.fedoraproject.org/wiki/Infrastructure/AccountSystem say "You can sign the CLA". If it's required, we should change it to "must sign the CLA". 2. Even if 1) is done, we don't use GPG keys for anything else. We don't sign packages with them. Using them to sign emails is fine, but it's not required. And there is no listing of contributors and their GPG keys so finding a users GPG key has to be done via searches on key servers anyway. So... is it really needed? Or maybe a better question is can we make it more useful somehow? josh -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
