Hacker News new | past | comments | ask | show | jobs | submit login

> And PGP does support web of trust, so if the previous release guy trusts the new release guy… perhaps we could accept it as well.

PGP's web of trust has been broken since at least 2019[1]. GPG removed support for it years ago.

(This is a recurring problem with PGP: if you search these things, you're given the false impression that it's all still humming along.)

[1]: https://inversegravity.net/2019/web-of-trust-dead/




Web of trust based on signatures on keyservers is dead. That is not what is being suggested here.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: