Re: debsigs
Henrique de Moraes Holschuh <hmh@debian.org> writes:

> We do not revoke keys because they are not invalid. We do not revoke the
> signatures on UIDs mentioning @debian.org, because that would cause a lot of
> trouble for the person to come back to the Debian project, I think. One
> cannot revoke a revocation certificate, AFAIK...

Yes, you can. Just sign the key again. Recent GnuPG versions will
handle this correctly.

> Someone is trusted by the project if, and only if, he has a non-revoked key
> in the Debian keyring. Removing a key from the Debian keyring effectively
> removes all privileges that key has as far as Debian is concerned.

I don't think it's a good idea to express trust by membership in the
Debian keyring. Why can't we use bare OpenPGP for that?

--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898