Re: [Debconf-discuss] Please don't upload GPG keys to keyserver when signing them

To: Andreas Tille <andreas@fam-tille.de>
Cc: debconf-discuss@lists.debconf.org
Subject: Re: [Debconf-discuss] Please don't upload GPG keys to keyserver when signing them
From: Manoj Srivastava <srivasta@acm.org>
Date: Thu, 06 Aug 2009 02:38:21 -0500
Message-id: <[🔎] 87tz0lxuhe.fsf@anzu.internal.golden-gryphon.com>
Mail-followup-to: Andreas Tille <andreas@fam-tille.de>, debconf-discuss@lists.debconf.org
In-reply-to: <[🔎] 20090806071500.GE1638@an3as.eu> (Andreas Tille's message of "Thu, 6 Aug 2009 09:15:00 +0200")
References: <[🔎] 20090806063413.GR1684@mykerinos.kheops.frmug.org> <[🔎] 20090806071010.GB7887@login2.uio.no> <[🔎] 20090806071500.GE1638@an3as.eu>

On Thu, Aug 06 2009, Andreas Tille wrote:

> On Thu, Aug 06, 2009 at 09:10:10AM +0200, Petter Reinholdtsen wrote:
>> Personally, I prefer it if people just upload the signatures on my key
>> directly into the keyservers, and I ask the people I sign keys for if
>> it is OK for me to do the same.  It is less work for me, and I am not
>> really worried about the people I sign keys for not controling the
>> email address they claim to have, after seeing them around in the
>> project for a while. :) If you do not believe the person in front of
>> you is telling the truth, I believe it is better to not sign the
>> key. :)
>
> IMHO this thread leads directly to a new meta-information on the
> KSP list:

        This implies that you might have misunderstood the reason behind
 not wanting to upload signed keys to the keyservers.

>    Do you prefer direct upload to keyservers?: yes / no
>
> This should be printed on the list and people could handle accordingly.
>

        The preference, and the risk, belongs to the signers, not the
 signee. 

        manoj
-- 
"If it's not loud, it doesn't work!" Blank Reg, from "Max Headroom"
Manoj Srivastava <srivasta@acm.org> <http://www.golden-gryphon.com/>  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to:

Follow-Ups:
- Re: [Debconf-discuss] Please don't upload GPG keys to keyserver when signing them
  - From: Andreas Tille <andreas@fam-tille.de>

References:
- [Debconf-discuss] Please don't upload GPG keys to keyserver when signing them
  - From: Christian Perrier <bubulle@debian.org>
- Re: [Debconf-discuss] Please don't upload GPG keys to keyserver when signing them
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: [Debconf-discuss] Please don't upload GPG keys to keyserver when signing them
  - From: Andreas Tille <andreas@fam-tille.de>

Prev by Date: Re: [Debconf-discuss] Please don't upload GPG keys to keyserver when signing them
Next by Date: [Debconf-discuss] preventing direct keyserver uploads (was: Please don't upload GPG keys to keyserver when signing them)
Previous by thread: Re: [Debconf-discuss] Please don't upload GPG keys to keyserver when signing them
Next by thread: Re: [Debconf-discuss] Please don't upload GPG keys to keyserver when signing them
Index(es):
- Date
- Thread