amuza:
Hi,
I have not found your OpenPGP keys or signed packages at jami.org
Maybe they are there and I have not found them. Please let me know if
you gpg-sign your packages.
Thank you!
As I got no answer, I guess you don't sign your packages.
But, if that's the case, why?
It would be good for every Jami user to have a public key we can always
trust when verifying a Jami package. Wouldn't it?
That is a very common thing, specially for this kind of software. Not
having it can make existing and potential new Jami users feel suspicious
or less secure.
Of course we users would need to trust the signer, maybe by trusting
some other signature in their key, but that's a complete different story.