On Sat, Oct 17, 2015 at 01:46:24AM +0000, Zbigniew Jędrzejewski-Szmek wrote:
Would it be possible for people who create those keys (or other
people
from release-engineering who can verify that they keys are correct) to
sign them with their private keys and upload the resulting signatures
to public key servers? It would provide an additional verification
path. Distribution package signing keys are important enough for this
to be worth the extra work imho.
FYI: I do this since some releases for the Fedora keys.
Regards
Till