Re: [Exim] OpenPGP signatures on Exim releases

Top Page
Delete this message
Reply to this message
Author: Florian Weimer
Date:  
To: WJCarpenter
CC: exim-users
Subject: Re: [Exim] OpenPGP signatures on Exim releases
"WJCarpenter" <bill-exim@???> writes:

> What you really need is to publish a small, reasonable list of keys, the
> signatures of the members of a mini-keyring, more or less.


This is an unusual approach. Usually, when you have to assume that
your day-to-day key might be compromised, you open your own CA and
publish just the fingerprint of the CA root key.

But I don't know if this is really necessary in Philip's case. Maybe
he can store is key on a trustworthy machine and be settled with it.

--
Florian Weimer                       Weimer@???
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898