* Martin Quinson (martin.quinson@tuxfamily.org) wrote: > On Wed, Aug 20, 2003 at 05:03:17PM -0400, Stephen Frost wrote: > > I doubt a poor translation would make it into a released version. > A lot of poor translation get into stable, mainly by lack of manwork, but > you are right no offending translation gets into testing. At least in french. Sorry, I was, as you picked up, meaning 'offending' more than just 'poor'. > Mmm. If so, I really cannot understand the big deal with IDs when signing > the key. Knowing my ID is not enough to prove that I won't upload a rootkit, > and it is not even needed... I must be perticulary dumb. It's more than just the ID, but the ID is a part of it. It's all about trust. A non-Debian example is the way I run some of my personal systems. I won't give out accounts to just anyone but if I've met someone face-to-face and had a chat with them I'm much more inclined to give them account if they have a need for one. If a friend of mine is willing to vouch for some people he/she has met and knows personally I'm more willing to give them an account. The ID comes into play when it's people who don't actually know each other all that well and don't really have much other communication. It's expected that while the person who actually checks your ID doesn't really know you all that well there are others who know you through online correspondence but just havn't met you. That's my general feeling on it anyway, it's probably different for other people. I don't beleive there's an 'official' statement about it really. > > What is harder for the DD and how could the existing Debian > > infrastructure fix that? Nothing in what you've said would lead me to > > believe that there's something we can change which would make things > > easier for the DD with regard to 'poor' translations. > > The whole story is about easing the technical issue in a trust relationship. At the moment there are two levels of 'trust'. There's the level where you can upload new packages and there's the level where you can submit patches and whatnot to the BTS. At least, those are the levels I perceive Debian having atm. Other people can have their own trust relationships if they feel they need them. I don't think there'd really be much advantage to putting another level in there. > Of course, I could (and have) uploaded my key on public servers, meaning > that other Debian member could check than a given mail with my address > desserve the trust they habitually give me. But those guys would have to > configure their email specifically on people like me[*]. I was wondering if > could be avoided, that's all. As others have pointed out most people have their systems configured to grab keys from public keyservers already anyway. > A really great improvement of this situation would be to make easily > available the keys of people in the NM queue, since translators are supposed > to become debian "developer", too. Ok, if you think it'd be all that great then do it and see if anyone actually uses it. I'd be happy to host it on personal servers if you need someone to host it. I might even be willing to sponsor a new Debian package of it if it actually gets popular. > But, ok, if the majority here says that there would not be sufficient > benefit wrt the effort, I guess I'll have to deal with it. Easy :) I doubt it, but hey, if you want to spend your time doing it, go for it. Stephen
Attachment:
pgp3b7iOCg3vR.pgp
Description: PGP signature