On Mon, Mar 07, 2016 at 08:32:05AM -0000, Ralf Senderek wrote:
> What would be proper other places to confirm the fingerprint?
The following criteria might be reasonable:
- a place that has authority, that people might trust.
- a place that is hard to impersonate, that has some protection
against unauthorized use
- a place that is visible to many people with a need to verify.
- a place that is known for publishing cross-checked, reliable information
We could possibly add it somewhere on a Red Hat site, which I think
would fit all of these criteria in many people's eyes. Since it's
entirely separate infrastructure from Fedora's websites, that would
significantly raise the bar for any targetted website hacking.
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader