I looked around at a couple of other systems. It looks like SourceForge does not allow anonymous users access to the ssh or gpg keys. Savannah allows access to the GPG key, through a download link.
OT1H I can appreciate the privacy concerns, but OTOH you /are/ talking about keys that are intended to be public. Many people post their pubkeys on their websites, or publish their GPG keys in public keyservers, easily accessible by keyid.
I always make sure any comment fields in public keys do not have valid fully qualified email addresses. We could obfuscate them or hide the keys behind a login, but it has the feel of a finger-in-the-dike solution. I'm +0 on hiding keys from anonymous users.
I looked around at a couple of other systems. It looks like SourceForge does not allow anonymous users access to the ssh or gpg keys. Savannah allows access to the GPG key, through a download link.
OT1H I can appreciate the privacy concerns, but OTOH you /are/ talking about keys that are intended to be public. Many people post their pubkeys on their websites, or publish their GPG keys in public keyservers, easily accessible by keyid.
I always make sure any comment fields in public keys do not have valid fully qualified email addresses. We could obfuscate them or hide the keys behind a login, but it has the feel of a finger-in-the-dike solution. I'm +0 on hiding keys from anonymous users.