1 |
Perhaps I've missed part of this thread (or simply wasn't paying |
2 |
attention early enough) but will the keyserver itself (the actual |
3 |
repository manager) be housed at gentoo? That would make some small |
4 |
difference, at least if you accept keys in general, as far as a |
5 |
management standpoint goes. In that case, if you can verify the |
6 |
signature against keyserv.gentoo.org, then you know that unless someone |
7 |
has hacked gentoo.org itself (let's not even go there - then all |
8 |
arguments are void) the key is valid. |
9 |
|
10 |
that's a two cents worth. that and a buck will get you a cup of very |
11 |
small coffee at starbucks. |