You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Users are asked to simply trust a couple websites that this is correct, but as the saying goes: Don't Trust, Verify.
Unfortunately there is no way for users to verify this is the correct key without meeting Shift devs in person.
I've gone to great lengths to do exactly that in 2020 with devs, but none of the devs have signed this key from 2022.
The OpenPGP Web Of Trust can help here... please have an established dev like @benma cross-sign this key with their own personal key.
Next time I'm in Switzerland I'll do the same and publish the cross-signatures for others to use.
This will create a cryptographic trust path (linked signatures) with thousands of others who are part of the OpenPGP Web Of Trust.
Thanks for helping us all to maintain high security standards.
The text was updated successfully, but these errors were encountered:
The gpg key used to sign release appears to be this:
Users are asked to simply trust a couple websites that this is correct, but as the saying goes: Don't Trust, Verify.
Unfortunately there is no way for users to verify this is the correct key without meeting Shift devs in person.
I've gone to great lengths to do exactly that in 2020 with devs, but none of the devs have signed this key from 2022.
The OpenPGP Web Of Trust can help here... please have an established dev like @benma cross-sign this key with their own personal key.
Next time I'm in Switzerland I'll do the same and publish the cross-signatures for others to use.
This will create a cryptographic trust path (linked signatures) with thousands of others who are part of the OpenPGP Web Of Trust.
Thanks for helping us all to maintain high security standards.
The text was updated successfully, but these errors were encountered: