I don't know if this was ever fixed for bazaar, but I'm now encountering the same issue with git.launchpad.net and being unable to verify the host keys.
While I'd love for something like monkeysphere signed keys:
web.monkeysphere.info
The OpenPGP web of trust is probably not strong enough for most users.
It's been proposed *years* ago to host a webpage with the appropriate ssh keys... at the very least that would be *something*.
Leaving users of launchpad open to MITM attacks is a bit unfortunate...
I don't know if this was ever fixed for bazaar, but I'm now encountering the same issue with git.launchpad.net and being unable to verify the host keys.
While I'd love for something like monkeysphere signed keys:
web.monkeysph ere.info
The OpenPGP web of trust is probably not strong enough for most users.
It's been proposed *years* ago to host a webpage with the appropriate ssh keys... at the very least that would be *something*.
Leaving users of launchpad open to MITM attacks is a bit unfortunate...