Thread: Sigil-0.9.9 Released
View Single Post
Old 01-08-2018, 08:15 AM   #34
DiapDealer
Grand Sorcerer
DiapDealer ought to be getting tired of karma fortunes by now.DiapDealer ought to be getting tired of karma fortunes by now.DiapDealer ought to be getting tired of karma fortunes by now.DiapDealer ought to be getting tired of karma fortunes by now.DiapDealer ought to be getting tired of karma fortunes by now.DiapDealer ought to be getting tired of karma fortunes by now.DiapDealer ought to be getting tired of karma fortunes by now.DiapDealer ought to be getting tired of karma fortunes by now.DiapDealer ought to be getting tired of karma fortunes by now.DiapDealer ought to be getting tired of karma fortunes by now.DiapDealer ought to be getting tired of karma fortunes by now.
 
DiapDealer's Avatar
 
Posts: 27,552
Karma: 193191846
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
Quote:
Originally Posted by eschwartz View Post
Quick question though, DiapDealer -- do you publish your key anywhere other than in that signature file? It would be nice if, for example, you could cross-post the fingerprint to the official Sigil blog, and to your release announcement here (making three independently operated sites that would have to be hacked in order to pull off a forgery). An integral part of having the signature so that it can be verified tamper-free, is being able to check that any hypothetical attacker did not just upload their own faked key at the same time as the source code itself.
My key should be available from any of the main public key-servers. The ID for my key is provided as part of the "Verified" tag on Github (clicking the Verified link will show the ID). I can post it in an additional place if you like. But three places seems like overkill to me.
DiapDealer is offline   Reply With Quote