From 371d5471a5bbbf6f730e3f548b7331df1d1598cb Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 12 Nov 2020 22:46:59 -0800 Subject: [PATCH] Remove keyserver and search engine ideas --- project-security/verifying-signatures.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/project-security/verifying-signatures.md b/project-security/verifying-signatures.md index 6f0b346d..6e6c0ca9 100644 --- a/project-security/verifying-signatures.md +++ b/project-security/verifying-signatures.md @@ -123,8 +123,6 @@ That's why we strongly suggest obtaining the fingerprint from *multiple, indepen Here are some ideas for how to do that: - - Download the key from different keyservers. - - Use different search engines to [search](https://duckduckgo.com/?q=%22427F+11FD+0FAA+4B08+0123+F01C+DDFA+1A3E+3687+9494%22) for the fingerprint. - Check the fingerprint on various websites (e.g., [mailing lists](https://groups.google.com/g/qubes-devel/c/RqR9WPxICwg/m/kaQwknZPDHkJ), [discussion forums](https://qubes-os.discourse.group/t/there-is-no-way-to-validate-qubes-master-signing-key/1441/9?u=adw), [social](https://twitter.com/rootkovska/status/496976187491876864) [media](https://www.reddit.com/r/Qubes/comments/5bme9n/fingerprint_verification/), [personal websites](https://andrewdavidwong.com/fingerprints.txt)). - Check against PDFs, photographs, and videos in which the fingerprint appears (e.g., [slides from a talk](https://hyperelliptic.org/PSC/slides/psc2015_qubesos.pdf), on a [T-shirt](https://twitter.com/legind/status/813847907858337793/photo/2), or in the [recording of a presentation](https://youtu.be/S0TVw7U3MkE?t=2563)).