<p>For example, if you first [[authenticate the Tails signing key through the OpenPGP Web of Trust|install/download#wot]], then you can verify our others keys as they are all certified by the Tails signing key.</p>
The secret key material and its passphrase are stored on the server that runs our encrypted mailing list software and on systems managed by core Tails developers.
This means people other than Tails developers are in a position to use this secret key. Tails developers trust these people enough to rely on them for running our encrypted mailing list, but still: this key pair is managed in a less safe way than our signing key.