Re: long term goals of debian membership
Bob Hilliard <hilliard@debian.org> writes:
> Martin Michlmayr <tbm@debian.org> writes:
>
> > - If you have not generated a GnuPG key yet, please do so. Your GPG
> > key must be a sign AND encryption key.
>
> Why should an encryption key be required?

 o Both DAM account creation and db.debian.org password changing
   scripts assume an encrypt-capable key and fail in nasty ways when
   they are given one that isn't.

 o Every single sign-only key I've seen, without exception, has been a
   mistake; the user didn't realise the implications of choosing a
   DSA-only key.

 o Both privacy and consistency are good; it's nice to be able to
   contact someone with a degree of privacy not afforded by
   unencrypted email and currently you can encrypt mail to any Debian
   developer.

Don't get me wrong, if someone can demonstrate a genuine reason why
it's impossible for them to have a sign+encrypt key, we'll talk. But
for the 644 existent developers, this hasn't been the case, so for now
I'd rather discourage a common mistake and deal with the problem of
encrypt not being possible when and if we come to it.

--
James
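
The sign AND encrypt requirement discussed in this message can be checked mechanically. The following is an added example, not part of the original message and not the DAM or db.debian.org scripts: it reads a listing in the layout printed by `gpg --with-colons --list-keys` and reports keys with no usable signing or encryption (sub)key. The sample listing, key IDs and function names are constructed for illustration.

```python
# Added example: find keys that lack a usable signing or encryption capability.
UNUSABLE = set("ired")  # field 2 validity: invalid, revoked, expired, disabled

# Constructed sample in `gpg --with-colons` layout; key IDs are placeholders.
SAMPLE = """\
pub:u:1024:17:1111111111111111:1000000000:::u:::scSC:
uid:u::::1000000000::::Sign Only <signonly@example.org>:
pub:u:1024:17:2222222222222222:1000000000:::u:::scESC:
uid:u::::1000000000::::Sign And Encrypt <both@example.org>:
sub:u:1024:16:3333333333333333:1000000000::::::e:
pub:u:2048:1:4444444444444444:1000000000:::u:::scSC:
uid:u::::1000000000::::Expired Subkey <expired@example.org>:
sub:e:2048:1:5555555555555555:1000000000:1100000000:::::e:
"""


def usable_capabilities(listing):
    """Map each primary key ID to the capabilities its usable (sub)keys carry."""
    keys, current, primary_ok = {}, None, False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        if f[0] == "pub":
            current, primary_ok = f[4], f[1] not in UNUSABLE
            keys[current] = set()
        if current is None or not primary_ok or f[1] in UNUSABLE:
            continue  # an unusable primary or subkey contributes nothing
        # Field 12: lowercase letters are this (sub)key's own capabilities;
        # the uppercase summary on "pub" records is ignored here.
        keys[current] |= {c for c in f[11] if c in "scea"}
    return keys


def policy_failures(listing):
    """Return {key ID: missing capabilities} for keys that cannot sign AND encrypt."""
    required = {"s", "e"}
    return {kid: sorted(required - caps)
            for kid, caps in usable_capabilities(listing).items()
            if not required <= caps}


if __name__ == "__main__":
    for kid, missing in policy_failures(SAMPLE).items():
        print(f"{kid}: missing usable capability {', '.join(missing)}")
```

The third sample key shows the case a glance at the key type misses: an encryption subkey exists but has expired, so the key is effectively sign-only.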