[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Checking signatures on source tarballs

From: Ludovic Courtès
Subject: Re: Checking signatures on source tarballs
Date: Thu, 08 Oct 2015 13:44:54 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

address@hidden (Ludovic Courtès) skribis:

> Even for GNU, we’d have to ask the FSF, and obviously the set of
> authorized keys for each package keeps changing.  So we’d need the FSF
> to provide us with a database/server to answer questions such as “which
> public keys could sign for GNU Foo at this date?” in a secure way.

Actually I see that GSRC already maintains per-package keyrings.

How is this maintained, Brandon?  That is, where do you get information
on which keys to put in the keyring, etc.?


PS: For context, see the thread starting at

reply via email to

[Prev in Thread] Current Thread [Next in Thread]