libk  Update of "keyring"

Overview

Artifact ID: 10448e182445066428b94813398c898cf08c18b4cc4768a808f3d08ceab95579
Page Name:keyring
Date: 2020-11-02 10:58:44
Original User: lexi
Mimetype:text/x-markdown
Parent: 7a6666a28d79b0cde6a4f2d3101d79f46c7da300e7b6cbb4e9f17b1f91ea0b5d (diff)
Content

project keyring

the libk project keyring contains the public signify keys of the team members who are authorized to cut an official libk release. for security reasons, the keyring is not part of the libk repository itself; only those with root access to the libk server have write access to it. the keyring is always signed by the current project maintainer; always verify this signature before relying on keyring signatures for authentication.

you can find individual developer PGP fingerprints on the personnel roster, but never use that page (or PGP) to authenticate a release; always use the dedicated project signify keyring. not all developers are authorized to issue a release tarball.