Jonas Smedegaard dijo [Thu, Jun 23, 2016 at 10:30:21PM +0200]: > I sign keys by a similar policy as Gunnar, it seems. But I do sign also > people I have not met before... > > The logic I use is that I should be able to re-identify later. If I > meet the person later I might have forgotten their name (I easily do) > but if they remind me and tie it to something we talked about or did > together, I should go "Ahhh!" rather than "hmmm". > > It is a balancing act. Easiest is to only trust your mother and very > close friends through many years, but you also want to expand the web of > trust (and maybe also social circles, but that is a _different_ matter). Excelent! I knew you were a good friend to keep around ;-) > I think what can help here is expiry time on signatures: If my gut > feeling says that the person I've discussed perl with for an hour does > not really etch into my brain that efficiently, and I worry if we bump > into each other, say 3 years from now, then I would've forgotten who it > is. What I then do is sign but with an expiry of the key of 1-2 years. > > Expiry on signatures is relatively new to me, however, so I welcome > input on how that is sensible or not. And also on how to eventually > extend the lifespan. OK, so the people that agree with Jonas are exempt from attending my session in DebConf, Monday 2016.07.04, 4PM. I expect to show some pretty graphs and talk about how I have been having fun with the keyring lately :-) So welcome to join, or to stream. Or to see later, of course!
Attachment:
signature.asc
Description: Digital signature