AscendForever

Info

Keys/Certs

Main GPG key (https/secure/tor/i2p)
5918 D07F E231 369D ED4B 64A1 B55C 500F 8AF2 6AEB
Repos GPG key (https/secure/tor/i2p)

From dep repo server (tor)

From rpm repo server (tor)
D2D5 D62E 1D42 4C29 EB38 4869 B82C 9D90 C781 1B6A
Root CA certificate (https/secure/tor/i2p)

GPG signature (https/secure/tor/i2p)

URLs labeled "secure" use this.

FAQ

Why the tor and i2p sites?

Tor and i2p sites provide end to end encryption with no CA trust.

What are the "secure" sites?

These provide end to end encryption with a private CA.

What's the best way to verify GPG keys?

Download them from separate servers (main site / repo / externally) and verify they are all the same. If they don't match, let me know.

How are the packages secured?

All packages are signed locally with split-gpg. Repo servers have no special trust.

How are the git repos secured?

I use dedicated ssh keys for every repo and use split-ssh. There are also github mirrors for all repos, if you trust github infra more. Technically the packages are marginally more secure in comparison to the repos, since they do not rely on infra trust whatsoever.

What OS to use?

Qubes OS

Is ___ you? If it isn't linked on this site, it isn't me.

Have other questions? Let me know!