Re: [Debconf-discuss] DebConf17: Last call for keys for keysigning in Montreal, Canada
On Wed 2017-07-26 18:38:27 +0200, Wouter Verhelst wrote:
> On Wed, Jul 26, 2017 at 02:23:20PM +0200, Nicolas Dandrimont wrote:
>> Or should gpgsigs be fixed to ignore comments?
>
> No, not in a million years.
I agree with Wouter that comments should not be ignored.
> Comments have reason. There are good reasons to recommend against them,
> and perhaps GnuPG should be updated so that the system does not ask for
> a comment by default,
This has already happened, and it fixed in debian stable :)
> but when they exist, they may sometimes provide valuable information.
even when they provide un-valuable information (which is most of the
time; and sometimes User ID "comments" even provide value-negative
information), it's important that someone who is considering certifying
such a user ID *know* what they are certifying.
I don't think it would be misplaced to advocate against User ID comments
in this space. But it's certainly a bad idea to encourage people to
ignore a chunk of what they're publicly signing.
I look at it this way: if I ask someone to sign my key, i'm asking them
to make a public statement about information related to me. If they
have no way of feeling satisfied that they have verified that
information, they can (and probably should) decline to make such a
certification. Meaning: they won't sign my key if there are weird or
unhelpful comments on the userid i've asked them to consider.
--dkg
Reply to: