[Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Manoj Srivastava <srivasta@debian.org> writes:
> It has come to my attention that Martin Kraff used an
> unofficial, and easily forge-able, identity device at a large key
> signing party recently. This was apparently to belabour the obvious
> point that large KSP's are events where it is hard to reasonably
> check. in a large international KSP, anything beyond matching
> pictures/names/expiry dates, especially after an hour or so after
> starting.
So, you are confident that the person who did this is in fact Martin
Kraff, right?
> Based on this, I strongly suggest that mere signatures on a
> new maintainers key from a DD be also not enough, since people have
> now effectively proven how easily signatures may be obtained at a
> large KSP by just about anyone with money for a easily faked ID.
What would you suggest instead?
Reply to: