Walletwasabi: Change PGP Key URL in the website
Is your feature request related to a problem? Please describe.
In the index page of the website the PGP signing key currently links to https://github.com/zkSNACKs/WalletWasabi/blob/master/PGP.txt but there is no easy way to use something like curl on this page to get the key without all the JS and HTML.
Describe the solution you'd like
Link to https://raw.githubusercontent.com/zkSNACKs/WalletWasabi/master/PGP.txt which is a raw (i.e. no HTML or JS) version.
crimsonskylark
All 6 comments
Concept NACK. Easy access to the file history is an additional layer of security here.
nopara73
on 23 Aug 2019
I beg to differ, since whoever is importing the key is expected to check the key fingerprint somewhere else anyway, but it's your call. Thanks for answering.
crimsonskylark
on 23 Aug 2019
I'm not the sole decision maker of this repo anymore, so I reopen your issue to let others chime in, too.
nopara73
on 23 Aug 2019
We discussed this on Devmeeting. I agree with @nopara73 website is used by humans, so the link can point to a github site where history, comments, etc are available.
Automated processes still can use https://raw.githubusercontent.com/zkSNACKs/WalletWasabi/master/PGP.txt
It won't be moved elsewhere so it can be hard coded.
molnard
on 29 Aug 2019
I wasn't talking about automated processes (it would be pointless to automate the process of importing a key) but rather the common work flow in which someone may do curl site.com/key.asc | gpg --with-fingerprint -, which displays the fingerprint but does not import the key. However, I understand the given rationale and will not insist. Thanks again for answering.
crimsonskylark
on 29 Aug 2019
There are no solutions, only tradeoffs.
nopara73
on 29 Aug 2019
Related issues
MaxHillebrand
路
3Comments
yahiheb
路
3Comments
UkolovaOlga
路
3Comments
the-metalworker
路
3Comments
MaxHillebrand
路
3Comments
Most helpful comment
I'm not the sole decision maker of this repo anymore, so I reopen your issue to let others chime in, too.