Re: long term goals of debian membership
James Troup <james@nocrew.org> writes:
> Bob Hilliard <hilliard@debian.org> writes:
>
> > Martin Michlmayr <tbm@debian.org> writes:
> >
> > > - If you have not generated a GnuPG key yet, please do so. Your GPG
> > > key must be a sign AND encryption key.
> >
> > Why should an encryption key be required?
>
> o Both DAM account creation and db.debian.org password changing
> scripts assume an encrypt-capable key and fail in nasty ways when
> they are given one that isn't.
>
> o Every single sign-only key I've seen, without exception, has been a
> mistake; the user didn't realise the implications of choosing a
> DSA-only key.
>
> o Both privacy and consistency are good; it's nice to be able to
> contact someone with a degree of privacy not afforded by
> unencrypted email and currently you can encrypt mail to any Debian
> developer.
>
> Don't get me wrong, if someone can demonstrate a genuine reason why
> it's impossible for them to have a sign+encrypt key, we'll talk. But
> for the 644 existent developers, this hasn't been the case, so for now
> I'd rather discourage a common mistake and deal with the problem of
> encrypt not being possible when and if we come to it.

"Vince Mulhollon" <vlm@norlight.com> just posted an excellent
rationale for requiring encryption capability - mailing the original
password to the new maintainer.

This fully satisfies my concerns with Martin's (Martin Michlmayr
<tbm@debian.org>) excellent advice to NMs.

Bob
--
_
|_) _ |_ Robert D. Hilliard <hilliard@debian.org>
|_) (_) |_) 1294 S.W. Seagull Way <bob@bobhilliard.net>
Palm City, FL USA GPG Key ID: 390D6559
PGP Key ID: A8E40EB9
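
One way to check the requirement discussed in this thread before a key reaches scripts that assume it can encrypt, as an added example that is not part of the original message or of any Debian script: it parses `gpg --list-keys --with-colons` output (validity in field 2, capabilities in field 12) and reports keys that cannot both sign and encrypt. The sample listing, key IDs, and function names are constructed for illustration.

```python
# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
SAMPLE = """\
pub:-:1024:17:AAAAAAAAAAAAAAA1:1000000000:::-:::scSC:
uid:-::::1000000000::::Sign Only <signonly@example.org>:
pub:-:1024:17:BBBBBBBBBBBBBBB2:1000000000:::-:::scESC:
uid:-::::1000000000::::Sign And Encrypt <both@example.org>:
sub:-:1024:16:CCCCCCCCCCCCCCC3:1000000000::::::e:
pub:-:1024:17:DDDDDDDDDDDDDDD4:1000000000:::-:::scSC:
uid:-::::1000000000::::Revoked Subkey <revoked@example.org>:
sub:r:1024:16:EEEEEEEEEEEEEEE5:1000000000::::::e:
"""

# Field 2 validity values that make a (sub)key unusable:
# i = invalid, r = revoked, d = disabled, e = expired, n = not valid.
UNUSABLE = set("irden")


def usable_capabilities(colons_output):
    """Map primary key ID -> {"uid": str, "caps": set of 'e','s','c','a'}.

    Only the lowercase letters of field 12 are used: they describe the
    individual primary key or subkey on that record, so a capability counts
    only if some usable (sub)key actually carries it.
    """
    keys, current, primary_ok = {}, None, False
    for line in colons_output.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) > 11:
            if f[0] == "pub":
                current = keys.setdefault(f[4], {"uid": None, "caps": set()})
                primary_ok = f[1] not in UNUSABLE
            # A subkey is usable only if its primary key is usable too.
            if current is not None and primary_ok and f[1] not in UNUSABLE:
                current["caps"] |= {c for c in f[11] if c in "esca"}
        elif f[0] == "uid" and len(f) > 9 and current is not None:
            if current["uid"] is None:  # keep the first user ID listed
                current["uid"] = f[9]
    return keys


def missing_capabilities(colons_output, required="se"):
    """Return {uid: sorted list of missing capability letters} for keys
    that lack any of the required capabilities (default: sign and encrypt)."""
    report = {}
    for info in usable_capabilities(colons_output).values():
        missing = sorted(set(required) - info["caps"])
        if missing:
            report[info["uid"]] = missing
    return report


if __name__ == "__main__":
    for uid, missing in missing_capabilities(SAMPLE).items():
        print(f"{uid}: missing {','.join(missing)}")
```

The third constructed key shows a case the primary key's capability letters alone would not explain: an encryption subkey exists but is revoked, so the key is effectively sign-only.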