[jitsi-dev] [jitsi] Get some signatures for the debian repository key (#91)


#1

The key used to sign the debian packages only has one signature and the signature is from self signed only key. Please try and leverage the the web of trust. I have to imagine that one of the developers knows someone with a key that has a few signatures on it. In a perfect world this would block jitsi-1051. However in the interim you could publish the fingerprint (or even the entire key) on https://jitsi.org/jitsi-key.asc
This was also brought up by someone else on the mailing list: https://java.net/nonav/projects/jitsi/lists/dev/archive/2013-03/message/334

(Issue migrated from https://trac.jitsi.org/ticket/1162)

···

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi/issues/91


#2

The key is also only 1024 bit. This should be updated to a new 2048 or better yet 4096 bit key. As for signing it, @damencho should have a key for the uploads to Debian.

···

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi/issues/91#issuecomment-90093587


#3

Please follow the Debian Maintainer guidelines for GnuPG keys:
- You must have a strong (>= 2048 bit required; 4096 bit recommended) RSA GnuPG key
- ensure that GnuPG uses SHA2 signatures (in preference to SHA1)

https://wiki.debian.org/DebianMaintainer

···

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi/issues/91#issuecomment-142189677


#4

Closing in favor of #203

···

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi/issues/91#issuecomment-224413079


#5

Closed #91.

···

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi/issues/91#event-684965141