On 28/06, Martin Michlmayr wrote:
| * Mark Brown <firstname.lastname@example.org> [20010628 16:53]:
| > Does the GPG key need to be signed or does it just need to exist? I
| > had been under the impression that other forms of identification
| > were still possible, though severely discouraged.
| Yeah, those forms still exist. The web site even says
| Do you yet have a GPG key signed by a current developer or some
| other photo ID scanned in and signed with your GPG key?
| But I usually talk of 'signed keys' because that's the preferred
| method and because it is usually possible to get a signature these
I also think that Debian should accept scanned IDs signed with a trusted
X509 key (as the one issued for free by Thawte (http://www.thawte.com/)). This
would allow people who went through the heavy Thawte id checking to have
their identity trusted by the Debian project.