|Mikaela Suomalainen 520922ae6e||pirms 6 dienas|
|crypto-exchange||pirms 1 mēnesi|
|effi||pirms 2 mēnešiem|
|email-cloaking||pirms 3 nedēļām|
|feneas||pirms 1 nedēļas|
|friends||pirms 3 nedēļām|
|me||pirms 1 nedēļas|
|ncsc-fi||pirms 1 mēnesi|
|privacytools||pirms 1 mēnesi|
|software||pirms 6 dienas|
|vpn||pirms 1 mēnesi|
|README.md||pirms 2 nedēļām|
|me.asc||pirms 2 nedēļām|
PGP keys signed by me so I don't have to validate the same keys again-and-again and can just trust my own paper verified fingerprint in the subsequent validations.
WoT? Web Of Trust
For example, I use Tor Browser everywhere and download it directly from their website. They have signed it using GPG (a OpenPGP implementation) and to ensure it hasn't been tampered with, I have to check that signature and I have two options:
This second method is also encouraged by Tails.
What if I am wrong and trust the wrong key? I think I am less likely to trust a wrong key by verifying it carefully and signing it once than verifying it separately every time. However if I do sign a wrong key, I can always revoke my signature and then publish the key with my revocation signature on public keyservers (which I don't usually do, while I cannot control what people do with the signatures from this repository).
me/me.ascis just my key and place where I try to keep all signatures it has received. Symlinks are legacy reasons and other me's are also me.