S
Hi @stevedennis, thank you.
I contemplated the idea store the fingerprint in another location (and doing so at a point in time when I'm convinced things are not compromised), and then, when a new host is to subscribe to the ProGet feed, compare the calculated fingerprint of the ProGet provided key with the one obtained from the other store. If they do not match I know one of them have been tampered with.
But maybe I'm going overboard, and I still can do it by downloading the key to the second location and calculating the fingerprint there if I really want to, so things are fine.
Thank you again,
Stefan