Project:Infrastructure/Authority Keys

OpenPGP Authority Keys provide a secure and convenient method of validating the OpenPGP keys used by Gentoo developers. The service automatically signs the @gentoo.org identifiers of developer keys, providing full compatibility with the Web of Trust model. Please note that only the fact that a particular key is listed by the owner of @gentoo.org e-mail address is confirmed. In particular, real names are not verified.

Recommended usage
First, fetch the relevant Authority Keys:

Verify the authenticity of the L1 key. Preferably do this via OpenPGP WoT. However, if your WoT does not cover the key, use fingerprints from www.gentoo.org signatures page.

Once you verify the L1 key, issue a local trust signature with depth=2, domain=gentoo.org:

From now on, all @gentoo.org UIDs signed with L2 keys will be considered fully valid.