This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: gpg signatures on tar/diff
- From: Joe Buck <Joe dot Buck at synopsys dot COM>
- To: Adrian von Bidder <avbidder at fortytwo dot ch>
- Cc: gcc at gcc dot gnu dot org
- Date: Fri, 22 Apr 2005 09:40:28 -0700
- Subject: Re: gpg signatures on tar/diff
- References: <200504220959.19254.avbidder@fortytwo.ch>
On Fri, Apr 22, 2005 at 09:59:18AM +0200, Adrian von Bidder wrote:
> Hi,
>
> Please forgive this remark - especially if it has been discussed before (I
> don't follow this list.)
>
> I think that Mark's key (0xB75C61B8) might not have been the best choice to
> sign the gcc release because it lacks connections to the majority of the
> OpenPGP web of trust, being signed only by one other key afaict.
Mark is the person making the release, therefore it is his word that
it is a valid release and no one else's. If you'd feel better about
a key with more signatures, then maybe Mark can arrange to have people
sign his key at the GCC Summit.