retoaccess1 / haveno-reto

Decentralized P2P exchange built on Monero and Tor
https://haveno-reto.com
GNU Affero General Public License v3.0

Please get release key cross-signed & advertise it #25

Open jonathancross opened 1 month ago

jonathancross commented 1 month ago

I am trying to verify the PGP signature on a release. It was signed with key DAA24D878B8D36C90120A897CA02DAC12DAE2D0F which was just created in June and has no cross signatures. DuckDuckGo doesn't know anything about this key.

I see Woodser has a key in this repo, but that key has nothing to do with this key above.

Can you please cross-sign each other's keys and advertise the proper haveno-reto signing key fingerprint in a few places?

Ideally get some prominent people in Monero to also certify the key.

Ideally all commits should also be gpg signed.

Why?

We should not trust GitHub / Microsoft infrastructure. If something goes wrong, there should be a digitally signed audit trail.

Thanks!

boldsuck commented 4 days ago

I got it from here: https://haveno-reto.com/reto_public.asc

You can also request the key or fingerprint in their Haveno-reto SimpleX group.

@woodser will not sign any third-party Haveno mainnet instances. He only develops test- (stagenet) software. Other prominent people in the Monero community, maybe.
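
As an added example (not from this thread or from the haveno-reto project), the two checks the issue asks for, that a downloaded key matches the advertised fingerprint and that it carries verified certifications from other keys, can be scripted over GnuPG's colon-format output. The function names and the sample listings are constructed for illustration; only the fingerprint is taken from the issue.

```shell
# Helpers that read GnuPG colon-format output on stdin, for example:
#   gpg --with-colons --show-keys reto_public.asc | primary_fpr
#   gpg --with-colons --check-sigs "$FPR" | third_party_certs
# Fields used: 1 = record type, 2 = validity (signature check result on
# "sig" records), 5 = key ID, 10 = fingerprint or user ID, 11 = sig class.

# Fingerprint of the primary key: the first "fpr" record after "pub".
primary_fpr() {
  awk -F: '$1 == "pub" { seen = 1; next }
           $1 == "fpr" && seen { print $10; exit }'
}

# Succeeds only if the primary fingerprint equals $1 (spaces and case ignored).
fpr_matches() {
  want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  got=$(primary_fpr)
  [ -n "$got" ] && [ "$got" = "$want" ]
}

# Count user-ID certifications (classes 0x10-0x13) that verified ("!") and
# were issued by a key other than the primary, i.e. cross-signatures.
third_party_certs() {
  awk -F: '$1 == "pub" { primary = $5 }
           $1 == "sig" && $2 ~ /^!/ && $11 ~ /^1[0-3]/ && $5 != primary { n++ }
           END { print n + 0 }'
}

# Constructed sample listings (not real gpg output for this key).
HEAD='pub:-:4096:1:CA02DAC12DAE2D0F:1700000000:::-:::scESC:
fpr:::::::::DAA24D878B8D36C90120A897CA02DAC12DAE2D0F:
uid:-::::1700000000::::Release Key (placeholder):
sig:!::1:CA02DAC12DAE2D0F:1700000000::::Release Key (placeholder):13x:'
TAIL='sub:-:4096:1:1111111111111111:1700000000::::::e:
sig:!::1:CA02DAC12DAE2D0F:1700000000::::Release Key (placeholder):18x:'
SELF_ONLY="$HEAD
$TAIL"
CROSS_SIGNED="$HEAD
sig:!::1:2222222222222222:1700000100::::Second Maintainer (placeholder):10x:
sig:?::1:3333333333333333:1700000200::::[User ID not found]:10x:
$TAIL"

expected='DAA2 4D87 8B8D 36C9 0120  A897 CA02 DAC1 2DAE 2D0F'
printf '%s\n' "$SELF_ONLY" | fpr_matches "$expected" && echo "fingerprint matches"
echo "self-signed only: $(printf '%s\n' "$SELF_ONLY" | third_party_certs) verified third-party certs"
echo "cross-signed:     $(printf '%s\n' "$CROSS_SIGNED" | third_party_certs) verified third-party certs"
```

A certification shows as verified only when the certifying key is in your keyring, and it carries weight only if you obtained that key's fingerprint through a channel independent of the download site.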