
Re: long term goals of debian membership



Bob Hilliard <hilliard@debian.org> writes:

> Martin Michlmayr <tbm@debian.org> writes:
> 
> >   - If you have not generated a GnuPG key yet, please do so.  Your GPG
> >     key must be a sign AND encryption key.  
> 
>      Why should an encryption key be required?

 o Both DAM account creation and db.debian.org password changing
   scripts assume an encrypt-capable key and fail in nasty ways when
   they are given one that isn't.

 o Every single sign-only key I've seen, without exception, has been a
   mistake; the user didn't realise the implications of choosing a
   DSA-only key.

 o Both privacy and consistency are good; it's nice to be able to
   contact someone with a degree of privacy not afforded by
   unencrypted email and currently you can encrypt mail to any Debian
   developer.

Don't get me wrong, if someone can demonstrate a genuine reason why
it's impossible for them to have a sign+encrypt key, we'll talk.  But
for the 644 existent developers, this hasn't been the case, so for now
I'd rather discourage a common mistake and deal with the problem of
encrypt not being possible when and if we come to it.

-- 
James
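
A check for the failure mode described in this message (a sign-only key reaching scripts that assume an encrypt-capable one), as an added example that is not part of the original mail or of Debian's scripts. It reads the output of `gpg --list-keys --with-colons`, where field 2 is the validity and field 12 the capability letters; the sample listing, its key IDs and the function names are constructed for illustration.

```python
# Constructed sample of `gpg --list-keys --with-colons` output (key IDs are made up).
# Algorithm 17 is DSA (sign-only), 16 is Elgamal (encrypt-only).
SAMPLE = """\
pub:-:1024:17:AAAAAAAAAAAAAAA1:1000000000:::-:::scSC::::::
uid:-::::1000000000::::Sign Only <signonly@example.org>::::::::::0:
pub:-:1024:17:BBBBBBBBBBBBBBB2:1000000000:::-:::scESC::::::
uid:-::::1000000000::::Sign Encrypt <both@example.org>::::::::::0:
sub:-:2048:16:CCCCCCCCCCCCCCC3:1000000000::::::e::::::
pub:-:1024:17:DDDDDDDDDDDDDDD4:1000000000:::-:::scSC::::::
uid:-::::1000000000::::Revoked Sub <revsub@example.org>::::::::::0:
sub:r:2048:16:EEEEEEEEEEEEEEE5:1000000000::::::e::::::
"""

UNUSABLE = {"r", "e", "i", "d"}  # revoked, expired, invalid, disabled


def encrypt_capable(listing):
    """Map each primary key ID to True if it or a usable subkey can encrypt."""
    result = {}
    current = None  # primary key the following sub records belong to
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        validity, keyid, caps = f[1], f[4], f[11]
        if f[0] == "pub":
            current = keyid
            result[current] = False
            if validity in UNUSABLE or "D" in caps:
                current = None  # whole key unusable, so ignore its subkeys
                continue
        if current is None:
            continue
        # Lowercase letters are this (sub)key's own capabilities.
        if validity not in UNUSABLE and "e" in caps:
            result[current] = True
    return result


def sign_only(listing):
    """Primary key IDs that cannot receive encrypted mail."""
    return [k for k, ok in encrypt_capable(listing).items() if not ok]


if __name__ == "__main__":
    for keyid in sign_only(SAMPLE):
        print(f"{keyid}: no usable encryption (sub)key")
```

The third sample key shows the case a plain capability grep would miss: an encryption subkey exists but is revoked, so the key is effectively sign-only.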


