Re: debsigs

Henrique de Moraes Holschuh <hmh@debian.org> writes:

> We do not revoke keys because they are not invalid. We do not revoke the
> signatures on UIDs mentioning @debian.org, because that would cause a lot of
> trouble for the person to come back to the Debian project, I think. One
> cannot revoke a revocation certificate, AFAIK...

Yes, you can.  Just sign the key again.  Recent GnuPG versions will
handle this correctly.

> Someone is trusted by the project if, and only if, he has a non-revoked key
> in the Debian keyring. Removing a key from the Debian keyring effectively
> removes all privileges that key has as far as Debian is concerned.

I don't think it's a good idea to express trust by membership in the
Debian keyring.  Why can't we use bare OpenPGP for that?

Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
