[asterisk-dev] GPG signatures
Kevin P. Fleming
kpfleming at digium.com
Fri Oct 6 09:29:29 MST 2006
----- Bill Merriam <lists at billmerriam.com> wrote:
> I would think that keys or fingerprints would be available on the
> Asterisk.org or Digium web sites. Given that we ARE a voice centric
> group Digium could provide an extension where a recorded message
> reads the fingerprints of one or more key signing keys.
>
> The difference between a good gpg signature and a TRUSTED signature
> is that you trust the key because you have confirmed its authenticity.
All of the keys used to sign releases have been cross-signed by the entire Digium development team, and at Astricon in the Code Zone I plan on having a 'key signing party' to get more signatures from community members as well.
This should be more than adequate to verify the authenticity of these keys.
--
Kevin P. Fleming
Senior Software Engineer
Digium, Inc.