Making PGP distribution key well-known
ppisar at redhat.com
Mon Mar 5 10:37:47 UTC 2012
On 2012-03-02, Kevin Fenzi <kevin at scrye.com> wrote:
> On Fri, 2 Mar 2012 12:53:35 +0000 (UTC)
> Petr Pisar <ppisar at redhat.com> wrote:
>> On 2012-03-01, Michal Schmidt <mschmidt at redhat.com> wrote:
>> > Dne 1.3.2012 17:52, Petr Pisar napsal(a):
>> >> where to get public key for verifying RPM signatures.
>> > The keys are at: https://fedoraproject.org/keys
>> And F16 primary key (A82BA4B7) is signed by... 1 guy. Awesome.
>> And ISO images propagated on Fedora web pages have signatures where?
>> I see, one must trim the URL manually and hope the web server lists
>> directory and there will be a signature.
> https://fedoraproject.org/en/verify has a full list of them, but yes,
> they should be in the same directory.
> If you can think of a better way to present this data, do say.
Put them right next to shiny Download links. If the datails about size
are important enough, a link to signature could be there too. Like:
605MB, ISO format image for Intel-compatible PCs (32-bit), signature
Where the `signature' label would point to
The `Verify Download' link is six sections underneath. Even bellow
export regulations which nobody reads. To far.
More information about the devel