Re: debsigs
- To: Henrique de Moraes Holschuh <hmh@debian.org>
- Cc: debian-devel@lists.debian.org
- Subject: Re: debsigs
- From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
- Date: Thu, 04 Apr 2002 17:15:12 +0200
- Message-id: <[🔎] 87elhvsdfj.fsf@CERT.Uni-Stuttgart.DE>
- In-reply-to: <20020328085009.E6139@khazad-dum> (Henrique de Moraes Holschuh's message of "Thu, 28 Mar 2002 08:50:09 -0300")
- References: <87r8mfm39u.fsf@CERT.Uni-Stuttgart.DE> <20020321000430.GA7904@snoopy.apana.org.au> <20020321052420.GC20722@blimpo.internal.net> <20020321053930.GA12689@snoopy.apana.org.au> <20020327004655.GF19032@blimpo.internal.net> <20020327010653.GA7441@snoopy.apana.org.au> <20020327012334.GH19032@blimpo.internal.net> <87hen2ouoa.fsf@CERT.Uni-Stuttgart.DE> <20020327162335.C2778@khazad-dum> <87r8m5lcjv.fsf@CERT.Uni-Stuttgart.DE> <20020328085009.E6139@khazad-dum>
Henrique de Moraes Holschuh <hmh@debian.org> writes:
>> > We do not revoke keys because they are not invalid. We do not revoke the
>> > signatures on UIDs mentioning @debian.org, because that would cause a lot of
>> > trouble for the person to come back to the Debian project, I think. One
>> > cannot revoke a revocation certificate, AFAIK...
>>
>> Yes, you can. Just sign the key again. Recent GnuPG versions will
>> handle this correctly.
>
> Will that work correctly in remote keys (i.e. if one key that HAS the
> revocation signature on top of the old signature, and fetches the new
> signature, does it wipe the old sig and rev. sig?)
It doesn't wipe it (both signatures are still there), but it reverses
the effect of the revocation.
>> I don't think it's a good idea to express trust by membership in the
>> Debian keyring. Why can't we use bare OpenPGP for that?
>
> We don't use that because (AFAIK):
>
> 1. It is slower by a factor of 10, if not more.
This will be fixed in GnuPG 1.0.7.
> If (1) is not a problem anymore, and you are offering to fix all the
> scripts...
Uh-oh...
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: