CA for maintenance and installation of GNU/Linux

Security CA is a GPG key signing public keys which are usefull/necessary when installing a GNU/Linux System

-- Julien TINNES, Fri Jan 21 14:07:15 CET 2005

Security CA public key
Public keys signed by Security CA
Signed README

[GPG Key signing usefull for installation GPG keys]

If you trust me, and trust that this key comes from me, you could use this to validate some usefull public keys and could import the whole keyring above and check the signature from Security-CA on the keys.

If you don't trust me or can't check that this is the correct Security-CA public key, you could download public keys from a keyserver and use Security-CA signature as "better than nothing" security.

The signed keys have not been _really_ checked (I have not met individuals and checked their papers). However I used different internet connections and different sources to download the keys and checked they all were the same.
Moreover I've used most of those keys for several years and checked _a lot_ of files using them, meaning that if an attacker managed to give me a bad key, he also managed to give signatures from this key for a lot of files downloaded using several different internet connections downloading from several different mirrors for several years.

Here are the signed keys and how they have been checked:

Debian: Debian Archive Automatic Signing Key (2004)
* Downloaded using at least 5 different internet connections
* Downloaded from at least two different sources (several times)
* Used very often during one year from at least 5 different internet connections

GRsecurity: Bradley Spengler (spender)
* Downloaded using at least 5 different internet connections
* Downloaded from at least two different sources (several times)
* Used very often during ~two years from at least 5 different internet connections

loop-aes: Jari Ruusu
* Downloaded using at least 5 different internet connections
* Downloaded from at least two different sources (several times)
* Used very often for more than two years from at least 5 different internet connections

Linux Kernel: Linux Kernel Archives Verification Key
* Downloaded using at least 5 different internet connections
* Downloaded from at least two different sources (several times)
* Used very often for more than three years from at least 5 different internet connections

Marillat Debian sources: Christian Marillat
* Downloaded using at least 3 different internet connections
* Downloaded from at least two different sources (several times)
* Used very often for more than three years from at least 3 different internet connections