Re: PGP Key Signing HOWTO: preparation for Linux Expo

To: james@nocrew.org
Cc: debian-devel@lists.debian.org
Subject: Re: PGP Key Signing HOWTO: preparation for Linux Expo
From: "Juergen A. Erhard" <jae@jae.ddns.org>
Date: Tue, 4 May 1999 06:24:59 +0200
Message-id: <[🔎] 04051999.1@sanctum.jae>
In-reply-to: <[🔎] 87eml0n1i4.fsf@nocrew.org> (message from James Troup on 01 May 1999 18:28:03 +0100)
References: <19990224162451.A25362@cs.leidenuniv.nl> <Pine.LNX.3.96.990428045100.6156C-100000@localhost> <19990428131955.A30388@ecn.purdue.edu> <19990428131324.B18945@debian.org> <87n1zrrs4p.fsf@glaurung.green-gryphon.com> <01051999.4@sanctum.jae> <[🔎] 87eml0n1i4.fsf@nocrew.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "James" == James Troup <james@nocrew.org> writes:

    James> "Juergen A. Erhard" <jae@jae.ddns.org> writes:
    >> It certainly isn't for me... I wouldn't accept anything *but*
    >> another maintainer's signature.

    James> Well that's wonderfully fair for people who live in a
    James> country which has no other Debian developer.  What did you
    James> want them to do?  Fly abroad just so they can meet another
    James> developer?

Nope... okay, I apologize to all isolated maintainers.

But do `we' require another maintainer's signature if feasible?  Can
we, could/would we require some effort?  As in, travelling?  How much
of this, if at all?

Like if I wanted to become a maintainer... if I knew some
maintainer(s) in the same city, could I still take the `signed scanned
ID' route?  I hope not.

But what if the next maintainer is a city away?  Okay, take german
population density and say I'd have to take a half-hour train trip.
Too much?  Or okay for more security?

I'm not trying to critize anyone (not yet ;-), I'm just curious how
the new maintainer team deals with this (I'm not aware of anything
official on this... however, if there is, just point me to it and I'll
shut up).

    James> We're well aware it's a less than perfect mechanism, but
    James> it's the best we can do without unfairly excluding people.

You're right, I was a bit too strong here...

    James> \bitch{Besides, given the attitude of certain Debian developers
    James> towards keyring signing, I don't much trust a cross-signing unless I
    James> know the signators.}

Can't comment on that ("so why do you, dummy!" ;-)

Bye, J

- -- 
Jürgen A. Erhard      eMail: jae@ilk.de      phone: (GERMANY) 0721 27326
	 My WebHome: http://members.tripod.com/~Juergen_Erhard
	  Electronic Frontier Foundation (http://www.eff.org)
	     pros do it for money -- amateurs out of love.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.5b (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjcudpoACgkQN0B+CS56qs3uhQCggtvBlLNwsWP9lDW+PoOZpQVE
wOEAoIyhWeWvp+0B+3Hlt4BIRnvoHMNG
=bkM8
-----END PGP SIGNATURE-----

Reply to:

References:
- Re: PGP Key Signing HOWTO: preparation for Linux Expo
  - From: James Troup <james@nocrew.org>

Prev by Date: Re: Development machines (was KDE debs)
Next by Date: Re: sensible-browser script ?
Previous by thread: Re: PGP Key Signing HOWTO: preparation for Linux Expo
Next by thread: Re: Ian Jackson in Prague
Index(es):
- Date
- Thread