Ok this is a stupid questions
vedaal at nym.hush.com
vedaal at nym.hush.com
Wed Feb 27 00:15:29 CET 2019
On 2/26/2019 at 3:28 PM, "Stefan Claas" <sac at 300baud.de> wrote:And maybe another FOSS point? How about issuing Warrant Canaries?
I have seen that VeraCrypt does this.
=====
Yes.
The latest one is here:
https://www.idrix.fr/VeraCrypt/canary.txt
Interesting, but it still boils down to *trust*.
I would trust WK and the GnuPG team even if they didn't *sign* a Warrant Canary
(i / we all, sort-of trust the verification of the new GnuPG releases, with his sig),
And if we *don't trust*, then signing a Warrant Canary with the same signing key as the GnuPG release,
wouldn't help ;-)
vedaal
More information about the Gnupg-users
mailing list