Re: [Debconf-discuss] GPG keysigning?
On Sat, 2009-06-13 at 16:05 +0300, Aigars Mahinovs wrote:
> 2009/6/11 Aníbal Monsalve Salazar <anibal@v7w.com>:
> > I was thinking about accepting only keys that don't suffer from the
> > recently discovered weaknesses.
> >
> > What do people think about that?
>
> If we do that, the new keys will not get signatures by people that
> have not generated a new key
True.
Two side-effects:
1. People are encouraged to generate a new key, which is good.
2. No effort is spent on signing old keys, which is also good.
> and thus the only link between the new
> and the old keys in the web of trust will be the self-signatures.
Not true. Participants can use their own old and new keys to sign other
participants' new keys.
> It
> would be better IMHO if all participants (who made a new key) would
> use both keys for this signing party
Yes, signing with both keys is OK.
> and sign all keys with both their
> new and their old key thus establishing a much more interwoven web of
> trust for the new keys.
It is more useful to focus on getting more signatures added to the new
keys, not to the old keys.
>
> Or in other words: you make my new shiny key get less signatures - you meany!
>
Not true, since the shiny new keys get lots of signatures from old and
new keys.
See also the part "not the other way around" on this page:
http://www.debian-administration.org/users/dkg/weblog/48
Regards,
Bart Martens