Re: debsigs

To: debian-devel@lists.debian.org
Subject: Re: debsigs
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Date: Thu, 28 Mar 2002 02:13:24 +0100
Message-id: <[🔎] 87r8m5lcjv.fsf@CERT.Uni-Stuttgart.DE>
In-reply-to: <[🔎] 20020327162335.C2778@khazad-dum> (Henrique de Moraes Holschuh's message of "Wed, 27 Mar 2002 16:23:35 -0300")
References: <[🔎] 73f2.3c97664c.da2fb@roy.gaast.net> <[🔎] 1016569697.2991.18.camel@altair> <[🔎] 87r8mfm39u.fsf@CERT.Uni-Stuttgart.DE> <[🔎] 20020321000430.GA7904@snoopy.apana.org.au> <[🔎] 20020321052420.GC20722@blimpo.internal.net> <[🔎] 20020321053930.GA12689@snoopy.apana.org.au> <[🔎] 20020327004655.GF19032@blimpo.internal.net> <[🔎] 20020327010653.GA7441@snoopy.apana.org.au> <[🔎] 20020327012334.GH19032@blimpo.internal.net> <[🔎] 87hen2ouoa.fsf@CERT.Uni-Stuttgart.DE> <[🔎] 20020327162335.C2778@khazad-dum>

Henrique de Moraes Holschuh <hmh@debian.org> writes:

> We do not revoke keys because they are not invalid. We do not revoke the
> signatures on UIDs mentioning @debian.org, because that would cause a lot of
> trouble for the person to come back to the Debian project, I think. One
> cannot revoke a revocation certificate, AFAIK...

Yes, you can.  Just sign the key again.  Recent GnuPG versions will
handle this correctly.

> Someone is trusted by the project if, and only if, he has a non-revoked key
> in the Debian keyring. Removing a key from the Debian keyring effectively
> removes all privileges that key has as far as Debian is concerned.

I don't think it's a good idea to express trust by membership in the
Debian keyring.  Why can't we use bare OpenPGP for that?

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898


-- 
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: debsigs
  - From: Steve Langasek <vorlon@netexpress.net>
- Re: debsigs
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

References:
- Re: ITI: HTTPS method for apt
  - From: Wilmer van der Gaast <lintux@bigfoot.com>
- Re: ITI: HTTPS method for apt
  - From: Paolo Redaelli <paolo.redaelli@libero.it>
- Re: ITI: HTTPS method for apt
  - From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
- Re: ITI: HTTPS method for apt
  - From: Brian May <bam@debian.org>
- Re: ITI: HTTPS method for apt
  - From: Ben Collins <bcollins@debian.org>
- Re: debsigs
  - From: Brian May <bam@debian.org>
- Re: debsigs
  - From: Ben Collins <bcollins@debian.org>
- Re: debsigs
  - From: Brian May <bam@debian.org>
- Re: debsigs
  - From: Ben Collins <bcollins@debian.org>
- Re: debsigs
  - From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
- Re: debsigs
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Re: ITP: mencal -- A menstruation calendar
Next by Date: dpkg triggers
Previous by thread: Re: debsigs
Next by thread: Re: debsigs
Index(es):
- Date
- Thread