Re: non-DD contributors and the debian keyring
[answer to a private mail on the list with the permission of Christian]
On Wed, Aug 20, 2003 at 02:53:49PM +0200, Christian Kurz wrote:
> On [19/08/03 18:05], Martin Quinson wrote:
> > point is that currently, DD is very very strict about who can upload to the
> > source and the packages, but when I submit a translation to someone who do
> > not speak french, he have to trust me.
>
> Well, but even if you are a DD, I would have to trust you and the
> translation that you provided. And for me that trust doesn't depend on
> the signature of the e-Mail that contained the translation. For me it
> doesn't matter if you send me a translation know, with your key signed
> or with your key in the debian-keyring. I will in both cases apply the
> same procedure before including the translation.
Of course, the signature is not sufficient to get the needed trust. But I'm
coordinator of the french translation team since a few years, so my skills
should be trustable, I guess.
But the point is that without the key, anyone can forge mails which seem to
come from me, and thus abuse the trust my work gained me in the mind of some
DDs.
I see this point as necessary even if not sufficient.
That is to say that if I were DD, I would never trust any contribution I
cannot check myself and comming from someone I'm not confident in 1) the
identity 2) the skills.
Judging from the amount of translation rotting in the BTS, I guess some of
you guys react the same way, and I want to change this by easing this trust
relationship, if possible.
Thanks for your time, Mt.
--
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
Reply to: