Expert verification instructions encourage users to certify our key publicly
Originally created by @intrigeri on #17544 (Redmine)
b. To make an exportable certification of the Tails signing
key and publish it on the public key servers:
gpg --sign-key A490D0F4D311A4153E2BB7CADBB802B258ACD84F
gpg --send-keys A490D0F4D311A4153E2BB7CADBB802B258ACD84F
Doing so allows people who verified
your key to verify your certification and, as a consequence, build
more trust in the Tails signing key.
I don’t think that the level of verification documented in the preceding
instructions justifies a public certification of our key.
Encouraging users to do so:
- spreads suboptimal OpenPGP key signing practices
- makes our key grow larger and larger