Re: [Jami] Signed packages

From: Sébastien Blin
Subject: Re: [Jami] Signed packages
Date: Sun, 24 Feb 2019 09:21:49 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0

On https://jami.net/download-jami-linux/ you can directly see the key used to sign packages (A295D773307D25A33AE72F2F64CD5FA175348F84).

For Fedora:

    AmarOk@localhost ~ rpm -qpi ~/Downloads/ring-20190215.1.07c9194-1.fc29.x86_64.rpm | grep Signature
    Signature   : RSA/SHA512, Fri 15 Feb 2019 08:09:10 PM EST, Key ID 64cd5fa175348f84

On 2/24/19 7:52 AM, amuza wrote:


I have not found your OpenPGP keys or signed packages at jami.org

Maybe they are there and I have not found them. Please let me know if
you gpg-sign your packages.

Thank you!

As I got no answer, I guess you don't sign your packages.

But, if that's the case, why?

It would be good for every Jami user to have a public key we can always
trust when verifying a Jami package. Wouldn't it?

That is a very common thing, especially for this kind of software. Not
having it can make existing and potential new Jami users feel suspicious
or less secure.

Of course we users would need to trust the signer, maybe by trusting
some other signature in their key, but that's a completely different story.
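
Added example, not part of the original messages: the Key ID in the rpm output quoted above is the last 16 hex digits of the fingerprint published on the download page, and this script checks that correspondence. The function names and the SAMPLE_LINE variable are made up for illustration.

```shell
# Added example (not from the thread): compare the Key ID that
# `rpm -qpi` reports with the fingerprint published on the download page.

# Fingerprint quoted in the message above.
PUBLISHED_FPR="A295D773307D25A33AE72F2F64CD5FA175348F84"

# Constructed sample input: the Signature line quoted in the message above.
SAMPLE_LINE='Signature   : RSA/SHA512, Fri 15 Feb 2019 08:09:10 PM EST, Key ID 64cd5fa175348f84'

# Read `rpm -qpi` output on stdin; print the lowercase Key ID, or nothing
# when the Signature line carries no Key ID.
sig_key_id() {
    sed -n 's/^Signature[[:space:]]*:.*Key ID \([0-9A-Fa-f]\{1,\}\)[[:space:]]*$/\1/p' |
        head -n 1 | tr 'A-F' 'a-f'
}

# Succeed only if $1 is a 16-hex-digit Key ID equal to the last 16 digits
# of the 40-hex-digit fingerprint $2. Shorter IDs are refused (status 2).
key_id_matches_fpr() {
    kid=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    fpr=$(printf '%s' "$2" | tr -d ' ' | tr 'A-F' 'a-f')
    [ "${#kid}" -eq 16 ] && [ "${#fpr}" -eq 40 ] || return 2
    case "$fpr" in
        *"$kid") return 0 ;;
        *) return 1 ;;
    esac
}

# Read `rpm -qpi` output on stdin and print a verdict for fingerprint $1.
check_rpm_info() {
    kid=$(sig_key_id)
    if [ -z "$kid" ]; then
        echo "no-key-id"; return 1
    elif key_id_matches_fpr "$kid" "$1"; then
        echo "match $kid"; return 0
    else
        echo "MISMATCH $kid"; return 1
    fi
}

# With a package path, inspect it; otherwise run on the sample line.
# A match only says which key the header names; `rpm -K` after importing
# that key is what verifies the signature itself.
if [ $# -gt 0 ]; then
    rpm -qpi "$1" | check_rpm_info "$PUBLISHED_FPR"
else
    printf '%s\n' "$SAMPLE_LINE" | check_rpm_info "$PUBLISHED_FPR"
fi
```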
