Comment 10 for bug 238869

I don't know if this was ever fixed for bazaar, but I'm now encountering the same issue with git.launchpad.net and being unable to verify the host keys.

While I'd love for something like monkeysphere signed keys:

  web.monkeysphere.info

The OpenPGP web of trust is probably not strong enough for most users.

It's been proposed *years* ago to host a webpage with the appropriate ssh keys... at the very least that would be *something*.

Leaving users of launchpad open to MITM attacks is a bit unfortunate...