[asterisk-dev] GPG signatures

Kevin P. Fleming kpfleming at digium.com
Fri Oct 6 09:29:29 MST 2006


----- Bill Merriam <lists at billmerriam.com> wrote:
> I would think that keys or fingerprints would be available on the
> Asterisk.org or Digium web sites.  Given that we ARE a voice centric
> group Digium could provide an extension where a recorded message
> reads
> the fingerprints of one or more key signing keys.
> 
> The difference between a good gpg signature and a TRUSTED signature
> is
> that you trust the key because you have confirmed its authenticity.

All of the keys used to sign releases have been cross-signed by the entire Digium development team, and at Astricon in the Code Zone I plan on having a 'key signing party' to get more signatures from community members as well.

This should be more than adequate to verify the authenticity of these keys.

-- 
Kevin P. Fleming
Senior Software Engineer
Digium, Inc.



More information about the asterisk-dev mailing list