Re: [dev] file integrity github project

From: Laslo Hunhold <>
Date: Sat, 26 Aug 2017 21:08:31 +0200

On Fri, 25 Aug 2017 13:54:41 +0200
Anselm R Garbe <> wrote:

Dear Anselm,

> Either that, or perhaps we can reinstate the old fashion of
> homedir.

I gave it a bit more thought and realized that putting the keys all in
one place defeats the purpose of PGP. If the server is compromised, an
attacker would just have to additionally replace the keys in the
homedirs besides replacing the signed release-tarballs with fraudulent
ones that were signed with his "fraudulent" key.

With best regards


Laslo Hunhold <>
Received on Sat Aug 26 2017 - 21:08:31 CEST

This archive was generated by hypermail 2.3.0 : Sat Aug 26 2017 - 21:12:27 CEST