[03:15] <SpamapS> smoser: http://download.cirros-cloud.net/streams/v1/index.json.gpg <-- whose key is that?
[03:16] <SpamapS> smoser: doesn't mean much to sign things if the public key isn't itself in the web of trust
[03:22] <SpamapS> smoser: anyway, I need to know where I can fetch that key so I can use cirros w/o wondering if I've been MITM'd
[17:09] <harlowja> my guess SpamapS is thats smoser key, but not sure
[17:09] <harlowja> since smoser is mr.cirros
[17:12] <SpamapS> it is not
[17:12] <SpamapS> harlowja: that key is unknown.. not in any key servers.
[17:12] <harlowja> hmmm
[17:12] <harlowja> not my key
[17:12] <SpamapS> Ideally smoser would sign it, and upload the signed public key
[17:12] <harlowja> agreed
[17:13] <SpamapS> Actually ideally several people would sign it, whoever has root on the box that builds those really.
[17:13] <SpamapS> But smoser has enough sigs.. his key is good enough for me. :)
[17:14] <harlowja> :-P