path: root/dev/archive/signing.mdwn
diff options
Diffstat (limited to 'dev/archive/signing.mdwn')
1 files changed, 9 insertions, 0 deletions
diff --git a/dev/archive/signing.mdwn b/dev/archive/signing.mdwn
index e7d6168..0dfd6be 100644
--- a/dev/archive/signing.mdwn
+++ b/dev/archive/signing.mdwn
@@ -39,6 +39,15 @@ key(s) into their keyring.
If keys are distributed with prokit, **revocations and key transitions need to
be handled somehow**.
+A user already has to import a key into their own keyring to verify their prokit
+download. Maybe it's better to just instruct users to also download the archive
+signing key(s) into their keyrings. This takes advantage of existing PKI, and
+leaves users to make sure their keyring is kept updated with signatures,
+revocations, changed expiration dates, and transitions. It also avoids having
+released prokit versions "expire" due to included keys expiring.
+Suggestions welcome.