[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Debconf-discuss] Call for keys for keysigning in Edinburgh during DebConf7

On Wed, May 23, 2007 at 10:59:22AM +0100, Philip Hands wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Christian Perrier wrote:
> ...
> > As a tentative help to Manoj's concern (getting the list of such
> > untrustable people), I add my own little brick by suggesting to use
> > the output of "gpg --list-sigs 0xC0143D2D" as a start. As far as I
> > remember, probably over 95% of the signatures here were done during
> > Debconf keysigning parties by those weak links in the web of trust.
> > 
> > Of course, adding the owner of 0xC0143D2D at the top of the list is
> > highly recommended.
> 
> I'd say that only about 50% or 60% of the signatures on DD9B9910 would be
> from such signings, but Manoj could look at the intersection of the sets of
> signers for our two keys for inspiration -- and add me to his list while
> he's about it.
> 
> In fact, this would probably give him a good starting point for building
> Manoj's web of distrust -- I'll be interested to see how it compares to
> Debian's web of trust :-)

My guess is that Manoj's web of trust would be very small indeed. The
web of *dis*trust is by definition "whatever is not in the web of
trust", so does not compare to Debian's web of trust by an order of
magnitude -- not just those who have a GPG key but aren't in the Debian
keyring, but also those who *don't* have a GPG key...

-- 
Shaw's Principle:
	Build a system that even a fool can use, and only a fool will
	want to use it.
Reply to: