[Letux-kernel] [Tinkerphones] [Gta04-owner] Towards QtMoko2: building QtMoko from sources
jonas at jones.dk
Sun Jun 4 13:18:57 CEST 2017
Quoting H. Nikolaus Schaller (2017-06-04 11:41:19)
> Am 04.06.2017 um 10:17 schrieb Jonas Smedegaard <jonas at jones.dk>:
>> Please read http://deb.jones.dk/ and tell me which parts of that is
>> flawed or superfluous or wrong in other ways.
> That is a nice blueprint of exactly what I need and how it should be
> If I get it right (just from reading and guessing what it does) it
> assumes that your key is stored in debian-keyring.
Correct: My instruction is simpler than yours can be: Users of Debian
already implicitly trust the _identities_ of all Debian members (but
trust only _releases_ signed by special release keys).
I can therefore suggest users to establish a trust path by finding my
key among the keys they already trust.
You could instead suggest users to establish a trust path by finding my
key among the keys they already trust, and then finding your key among
signatures made by me.
> And this requires that you are trusted by the maintainers of
debian-keyring *only* contains keys from within Debian.
> Then you can declare that you are trusted and others can verify before
> taking your word only.
you can declare all you want - that won't change anything, as you have
no power over the users system. Yet... ;-)
The _user_ can declare that package releases done (not only by Debian
officially, but also) independently by you should be trusted.
> But how does your key get into debian-keyring?
By joining Debian. There is no other way for that specifically, so you
need to adapt instructions to other means of establishing your identity.
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
More information about the Letux-kernel