Re: [Debconf-discuss] GPG keysigning?

[Don Armstrong <don@donarmstrong.com>]

On Tue, 23 Jun 2009, Sami Liedes wrote:
> On Tue, Jun 23, 2009 at 10:43:53AM -0700, Don Armstrong wrote:
> > Perhaps it would be good enough to have the public
> > checksum-checking part of the keysigning party very early on in
> > Debconf, and then do the signing later on during meals, where
> > there would be an opportunity for more informal interaction to
> > establish identity, etc. beyond the 20 seconds or so that you have
> > during a mass keysigning.
> 
> That's a compromise of some kind. I don't think it's necessary the
> best possible compromise, though. There seem to be two conflicting
> needs here, which both seem to me to have some importance:
> 
> a) That the ID check needs to be more than casual, and the nature of
> a mass key signing party often results in lax checks;
> 
> b) That a strong WOT is a strongly connected WOT, with lots of
> (proper) signatures.

You can't have b without a. And it's very difficult to do (a) in a
large setting. Plus, we might as well bring in the social interactions
that doing (a) properly entails, and a place to do that which is less
time restricted is probably better.

That said, we can always do a massive key signing if it doesn't work
out.


Don Armstrong

-- 
Taxes are not levied for the benefit of the taxed.
 -- Robert Heinlein _Time Enough For Love_ p250

http://www.donarmstrong.com              http://rzlab.ucr.edu