[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PGP Key Signing HOWTO: preparation for Linux Expo

Hash: SHA1

>>>>> "James" == James Troup <james@nocrew.org> writes:

    James> "Juergen A. Erhard" <jae@jae.ddns.org> writes:
    >> It certainly isn't for me... I wouldn't accept anything *but*
    >> another maintainer's signature.

    James> Well that's wonderfully fair for people who live in a
    James> country which has no other Debian developer.  What did you
    James> want them to do?  Fly abroad just so they can meet another
    James> developer?

Nope... okay, I apologize to all isolated maintainers.

But do `we' require another maintainer's signature if feasible?  Can
we, could/would we require some effort?  As in, travelling?  How much
of this, if at all?

Like if I wanted to become a maintainer... if I knew some
maintainer(s) in the same city, could I still take the `signed scanned
ID' route?  I hope not.

But what if the next maintainer is a city away?  Okay, take german
population density and say I'd have to take a half-hour train trip.
Too much?  Or okay for more security?

I'm not trying to critize anyone (not yet ;-), I'm just curious how
the new maintainer team deals with this (I'm not aware of anything
official on this... however, if there is, just point me to it and I'll
shut up).

    James> We're well aware it's a less than perfect mechanism, but
    James> it's the best we can do without unfairly excluding people.

You're right, I was a bit too strong here...

    James> \bitch{Besides, given the attitude of certain Debian developers
    James> towards keyring signing, I don't much trust a cross-signing unless I
    James> know the signators.}

Can't comment on that ("so why do you, dummy!" ;-)

Bye, J

- -- 
Jürgen A. Erhard      eMail: jae@ilk.de      phone: (GERMANY) 0721 27326
	 My WebHome: http://members.tripod.com/~Juergen_Erhard
	  Electronic Frontier Foundation (http://www.eff.org)
	     pros do it for money -- amateurs out of love.
Version: GnuPG v0.9.5b (GNU/Linux)
Comment: For info see http://www.gnupg.org


Reply to: