Re: [Debconf-discuss] GPG keysigning?
On Tue, Jun 23, 2009 at 12:11:54PM -0700, Don Armstrong wrote:
> On Tue, 23 Jun 2009, Sami Liedes wrote:
> > On Tue, Jun 23, 2009 at 10:43:53AM -0700, Don Armstrong wrote:
> > > Perhaps it would be good enough to have the public
> > > checksum-checking part of the keysigning party very early on in
> > > Debconf, and then do the signing later on during meals, where
> > > there would be an opportunity for more informal interaction to
> > > establish identity, etc. beyond the 20 seconds or so that you have
> > > during a mass keysigning.
> >
> > That's a compromise of some kind. I don't think it's necessary the
> > best possible compromise, though. There seem to be two conflicting
> > needs here, which both seem to me to have some importance:
> >
> > a) That the ID check needs to be more than casual, and the nature of
> > a mass key signing party often results in lax checks;
> >
> > b) That a strong WOT is a strongly connected WOT, with lots of
> > (proper) signatures.
>
> You can't have b without a. And it's very difficult to do (a) in a
> large setting. Plus, we might as well bring in the social interactions
> that doing (a) properly entails, and a place to do that which is less
> time restricted is probably better.
>
> That said, we can always do a massive key signing if it doesn't work
> out.
Firstly, my apologies for opening this can of worms.
Having said that, I like Don's idea a lot.
Perhaps it would be worth setting up a system to generate the list of
DebConf attendees furthest from one's own key in the WoT, to give people
targets to hunt down, while tightening the WoT most efficiently.
Cheers,
Reply to: