Previously Ian Jackson wrote: > For now accepting any valid signature should be fine; there is no > reason why nondevelopers should not be able to mail debian-ctte. How will their signatures be verified? I don't think the list software will pull in all keys from a keyserver on demand. Wichert. -- Wichert Akkerman <wichert@wiggy.net> It is simple to make things. http://www.wiggy.net/ It is hard to make things simple.