Could we generate a pgp key for each release and have it be verified upon installation or by the user after download?

On Sat, Mar 8, 2014 at 1:15 AM, Vesa <> wrote:
On 03/07/2014 10:33 PM, Tres Finocchiaro wrote:
There is no centralized keysigning authority that we could trust. 
Speak for yourself please. 
This is what OCSP and CRL is for. Nearly every secure communication one uses to the web uses trusted certificate.  Too expensive?  Valid concern.  Can't trust them? I'd argue we already do.

https certificates are not safe. SSL is not safe. NSA has access to them and can spoof them if they want. No central signing authority can be ultimately trusted, especially not any that is maintained inside the USA, where the NSA can give secret court orders to any corporation and demand them to give access to any information they need, and to keep it all secret. NSA has been known to put backdoors into commercial, closed-source cryptography software, again by secret court orders. NSA has been known to spoof SSL certi

We can't trust any 3rd-party keysigner that is based in the USA. In fact, the whole central-source-of-trust-model is outdated as its weaknesses have been shown by recent events.

Please read

We can't do anything to web browsers. Browsers have other security mechanisms in place - mozilla and chrome both already have contingencies in place for situations like that - blacklists, security warnings, etc. 
So what exactly is our problem with offering a link then? 

The link may not work indefinitely. Some day, someone else may have that address - particularly, since that link is dependent on a 3rd party platform, such as Sourceforge. What if SF goes bankrupt and someone else buys the domain? What if it's some scam artist, who notices that lots of links still point to the site, and uses that to their advantage?

Browser security doesn't cover situations where the link is legitimately transfered to another party. We'd have that link in that version of our software forever, no matter if it stops working one day.

When the link is embedded in our software, the users will get the impression that we guarantee the viability of that link. It's not a matter of legal responsibility, it's a matter of moral responsibility - we have the moral responsibility to offer the best possible security we can to our users, even if we aren't legally obligated to.

Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works.
Faster operations. Version large binaries.  Built-in WAN optimization and the
freedom to use Git, Perforce or both. Make the move to Perforce.
LMMS-devel mailing list

Jonathan Aquilina