Guide user through verification process of GPGTools team key
Reported by steve | April 25th, 2016 @ 05:23 PM
The default for the GPGTools team key is "Unkown". When doing the verification of the software download, that would result in an untrusted signature.
We should find good steps to guid users through the verification process of our key.
Comments and changes to this ticket
-
leanne August 22nd, 2017 @ 08:52 PM
We would need to verify the fingerprint, yes? Can that be added to the gpgtools.org website, along with the signatures?
Once verified, the next step would be to send an email, maybe?
Neither of these would really give ultimate level of trust, but full perhaps, or the complicated "marginal"?
-
steve August 25th, 2017 @ 11:29 PM
Hi Leanne,
the fingerprint for our key is on the website at the very bottom:
"GPGTools Public Key (85E3 8F69 046B 44C1 EC9F B07B 76D7 8F05 00D0 26C4)"Signatures for all releases are on the homepage as well.
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Alex (via GPGTools)
leanne
Luke Le
steve