I'd prefer at least one place other than GitHub that can be identified as belonging to you.
As for keyservers, those don't count, as anyone can upload a fake key to a keyserver, so it doesn't provide independent verification.
(A theoretical attacker who gained control of your GitHub account and tagged a fake release using a fake key would have no problem also uploading the fake key to the keyserver. But there's a pretty good chance he didn't also gain the ability to publish to the official Sigil blog.)
For example, the blog states the following information regarding the OSX releases:
Quote:
Originally Posted by Sigil-ebook.com
There will be a lot of output but you should look for the following: Authority=Developer ID Application: Kevin Hendricks (2SMCVQU3CJ)
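Added example, not part of the post above or of the Sigil project: a shell check that compares the leaf `Authority=` line against the value published on the blog, with that expected value pinned in the script rather than taken from the download site. It assumes the output comes from `codesign -dvv` (the post does not name the command); the sample outputs and the function names are constructed for illustration.

```shell
#!/bin/sh
# Expected signer, copied from the blog text quoted in the post above.
EXPECTED_AUTHORITY='Developer ID Application: Kevin Hendricks (2SMCVQU3CJ)'

# Print the first Authority= value from codesign output on stdin.
# The first Authority line is the leaf certificate, i.e. the actual signer;
# later lines are the intermediate and root CAs.
leaf_authority() {
    awk '/^Authority=/ { sub(/^Authority=/, ""); print; exit }'
}

# Succeed only on an exact match of the leaf authority (name and Team ID).
# A substring grep would also accept a lookalike with trailing text.
check_signer() {
    actual=$(leaf_authority)
    [ "$actual" = "$EXPECTED_AUTHORITY" ]
}

# Assumed usage on macOS: verify_app /Applications/Sigil.app
# codesign --verify checks that the signature is valid at all;
# codesign -dvv prints signer details on stderr, hence 2>&1.
verify_app() {
    codesign --verify --deep --strict "$1" || return 1
    codesign -dvv "$1" 2>&1 | check_signer
}

# Constructed sample: output shaped like a correctly signed build.
sample_good() {
    printf '%s\n' \
        'Executable=/Applications/Sigil.app/Contents/MacOS/Sigil' \
        'Authority=Developer ID Application: Kevin Hendricks (2SMCVQU3CJ)' \
        'Authority=Developer ID Certification Authority' \
        'Authority=Apple Root CA'
}

# Constructed sample: same display name, different (made-up) Team ID.
sample_wrong_team() {
    printf '%s\n' \
        'Executable=/Applications/Sigil.app/Contents/MacOS/Sigil' \
        'Authority=Developer ID Application: Kevin Hendricks (EXAMPLE000)' \
        'Authority=Developer ID Certification Authority' \
        'Authority=Apple Root CA'
}

# Constructed sample: unsigned bundle, no Authority lines at all.
sample_unsigned() {
    printf '%s\n' 'Executable=/Applications/Sigil.app/Contents/MacOS/Sigil'
}
```
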