stop encouraging unnecessary usage of GPG
This key rotation happened a long time ago. It's safer to avoid GPG than trying to use it for additional assurance, especially since the signify public key has been made available at multiple locations to allow easy verification.
This commit is contained in:
parent
7289334e04
commit
561fd90725
@ -204,10 +204,7 @@ Installed as /home/username/downloads/platform-tools/fastboot</pre>
|
||||
<p>This is the content of <code>factory.pub</code>:</p>
|
||||
<pre>untrusted comment: GrapheneOS factory images public key
|
||||
RWQZW9NItOuQYJ86EooQBxScfclrWiieJtAO9GpnfEjKbCO/3FriLGX3</pre>
|
||||
<p>The <code>factory.pub</code> has
|
||||
<a href="https://releases.grapheneos.org/factory.pub.asc">a detached signature</a>
|
||||
made with the previously used GPG key to verify that this is an authorized key
|
||||
rotation. The public key has also been published via the official
|
||||
<p>The public key has also been published via the official
|
||||
<a href="https://twitter.com/GrapheneOS/status/1145259815851253762">@GrapheneOS Twitter
|
||||
account</a>,
|
||||
<a href="https://www.reddit.com/r/GrapheneOS/comments/c7gb3f/grapheneos_factory_images_are_now_signed_with/esewpm9">the /u/GrapheneOS
|
||||
|
Loading…
x
Reference in New Issue
Block a user