[Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

To: debian-devel@lists.debian.org
Cc: debconf-discuss@lists.debconf.org
Subject: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
From: Thomas Bushnell BSG <tb@becket.net>
Date: Thu, 25 May 2006 18:25:13 -0700
Message-id: <[🔎] u1hhd3dinly.fsf@kempis.becket.net>
In-reply-to: <[🔎] 871wuiimii.fsf@glaurung.internal.golden-gryphon.com> (Manoj Srivastava's message of "Thu, 25 May 2006 02:36:37 -0500")
References: <[🔎] 871wuiimii.fsf@glaurung.internal.golden-gryphon.com>

Manoj Srivastava <srivasta@debian.org> writes:

>         It has come to my attention that Martin Kraff used an
>  unofficial, and easily forge-able, identity device at a large key
>  signing party recently.  This was apparently to belabour the obvious
>  point that large KSP's are events where it is hard to reasonably
>  check. in a large international KSP, anything beyond matching
>  pictures/names/expiry dates, especially after an hour or so after
>  starting.

So, you are confident that the person who did this is in fact Martin
Kraff, right?

>         Based on this, I strongly suggest that mere signatures on a
>  new maintainers key from a DD be also  not enough, since people have
>  now effectively proven how easily signatures may be obtained at a
>  large KSP by just about anyone with money for a easily faked ID.

What would you suggest instead?

Reply to:

References:
- [Debconf-discuss] Please revoke your signatures from Martin Kraff's keys
  - From: Manoj Srivastava <srivasta@debian.org>

Prev by Date: Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Next by Date: Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Previous by thread: Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Next by thread: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Index(es):
- Date
- Thread