Comment by Dylan16807 7 years ago Verify it against what? 2 comments Dylan16807 Reply dredmorbius 7 years ago See what keys have signed a given key. See Debian maintainer keys as an example.This is ... not everything that it could be, and is approaching 30 years old, technology built for a vastly different world.But this is the basis of the GPG / PGP Web of Trust.https://en.wikipedia.org/wiki/Web_of_trusthttp://www.pgpi.org/doc/pgpintro/http://www.rubin.ch/pgp/weboftrust.en.html(I've addressed this point ... a distressing number of times on HN: https://hn.algolia.com/?query=dredmorbius%20web%20of%20trust... 0 dcbadacd 7 years ago Have you contacted maintainers if they're willing to do this? Is there a way to configure apt to verify chain of trust?
dredmorbius 7 years ago See what keys have signed a given key. See Debian maintainer keys as an example.This is ... not everything that it could be, and is approaching 30 years old, technology built for a vastly different world.But this is the basis of the GPG / PGP Web of Trust.https://en.wikipedia.org/wiki/Web_of_trusthttp://www.pgpi.org/doc/pgpintro/http://www.rubin.ch/pgp/weboftrust.en.html(I've addressed this point ... a distressing number of times on HN: https://hn.algolia.com/?query=dredmorbius%20web%20of%20trust... 0 dcbadacd 7 years ago Have you contacted maintainers if they're willing to do this? Is there a way to configure apt to verify chain of trust?
dcbadacd 7 years ago Have you contacted maintainers if they're willing to do this? Is there a way to configure apt to verify chain of trust?
See what keys have signed a given key. See Debian maintainer keys as an example.
This is ... not everything that it could be, and is approaching 30 years old, technology built for a vastly different world.
But this is the basis of the GPG / PGP Web of Trust.
https://en.wikipedia.org/wiki/Web_of_trust
http://www.pgpi.org/doc/pgpintro/
http://www.rubin.ch/pgp/weboftrust.en.html
(I've addressed this point ... a distressing number of times on HN: https://hn.algolia.com/?query=dredmorbius%20web%20of%20trust... 0
Have you contacted maintainers if they're willing to do this? Is there a way to configure apt to verify chain of trust?