Multiple dev one signing key

Werner Koch wk at gnupg.org
Mon Mar 11 15:21:49 CET 2019


On Mon, 11 Mar 2019 12:43, johndoe65534 at mail.com said:

> Just to be clear, you Werner will sign everything that needs to be
> signed for a release with your personal key.

In practise that is the case.  However, anyone of our small group can
sign releases and also update the online list of current version
numbers.

> As an extra layer of security Niibe will also sign the release and send
> you the detacht signature.

One signature is actually sufficient but for users of the Web of Trust a
second signature might a difference to some.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190311/27a25c41/attachment.sig>


More information about the Gnupg-users mailing list