launchpad-dev team mailing list archive

Re: users confused by lack of signatures on the PPA signing key

 

2009/8/10 Julian Edwards <julian.edwards@xxxxxxxxxxxxx>:
> The original intention was to have the PPA owner sign the key.  Signing with
> one master key doesn't really achieve anything other than redirecting the
> issue of trust to another machine-owned key (as opposed to human-owned) that
> you don't necessarily know about.
>
> Do you think we need better instructions for PPA owners telling them to sign
> the PPA key?  Could we show keys that signed it on the PPA page itself?

I've never seen such an instruction, so maybe you do need better
instructions - perhaps when setting up the archive you could send mail
to the team owners and/or show a message on the archive page.

The keyserver does actually have a page that shows signers so you
could just link to that.  There is some weakness that the keyserver
links are not over https.

-- 
Martin <http://launchpad.net/~mbp/>


