Re: [Tails-dev] Review and merge doc/tails-support-private

Delete this message

Reply to this message
Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Review and merge doc/tails-support-private
intrigeri wrote:
> * The branch doesn't update tails-bugs.key to add
> the -support-private@ UID; that's probably the only blocker.


dddc3ca

> * I think the frontdesk role page should be updated a bit accordingly.


c83ffd9

> * The proposed branch doesn't document the -bugs@ key on
> doc/about/openpgp_keys; I guess you did it this way on purpose


I must admit that I don't really like this page, and thought that this
would be done while working on #7573 and #7698 which I want to do
soonish. But yes that's the kind of "soonish" that can last forever so
it's better to have a real fix now: ae68690.

> but
> then I'm curious about the rationale for not giving any hints on how
> to verify the key without relying on the CA cartel.


I'm not sure to understand what you are referring to here? In ae68690 I
basically copied and adapted what was already written for tails@???
Schleuder. The way to document how to verify our keys without without
the CA cartel would be to document how to verify the signature made by
our signing key. And we don't do that for tails@??? either. So
there is no regression here. But it would surely be worth a ticket as
subtask of #7698 or #7573.

--
sajolida