On Fri, 25 Aug 2017 13:54:41 +0200
Anselm R Garbe <garbeam_AT_gmail.com> wrote:
Dear Anselm,

> Either that, or perhaps we can reinstate the old fashion of
> suckless.org/~user/ homedir.

I gave it a bit more thought and realized that putting the keys all in
one place defeats the purpose of PGP. If the server is compromised, an
attacker would just have to additionally replace the keys in the
homedirs besides replacing the signed release-tarballs with fraudulent
ones that were signed with his "fraudulent" key.

With best regards
Laslo
--
Laslo Hunhold <dev_AT_frign.de>
Received on Sat Aug 26 2017 - 21:08:31 CEST