Re: [Debconf-discuss] using OpenPGP notations to indicate keysigning practices [was: Re: GPG keysigning?]
On Wed, Jun 24, 2009 at 3:14 AM, Daniel Kahn
Gillmor<dkg@fifthhorseman.net> wrote:
> I think that misses a critical point; i want to use my OpenPGP key for a
> variety of purposes both in and out of debian. I consider it a baseline
> tool for managing my digital identity. While i'm happy to obey
> debian-specific guidelines for debian-specific purposes, i have no
> intention of obeying debian-specific guidelines for projects outside of
> debian, except perhaps by coincidence.
>
> I'm *not* saying that i will sign keys blindly or anything, but there
> are scenarios and groups i interact with where it is meaningful and/or
> useful to sign a role key, a machine key, or a pseudonymous key, for
> example. If debian makes up some debian-specific guidelines that say
> "you must not sign pseudonymous keys", i cannot follow those
> instructions without changing my key (or having a debian-specific key
> unrelated to my non-debian identity, which seems to defeat the whole
> point of the binding).
Would subkeys help in this scenario? (hint hint, some good docs about
real-world subkey usage are needed).
--
bye,
pabs
http://wiki.debian.org/PaulWise
Reply to: