[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Resignation and uploads

On Sun, 13 Nov 2005, Wouter Verhelst wrote:
> There's one thing people are constantly overlooking here:

No, we are not.

> Rember that 'having a key in the Debian keyring' is, for all practical
> matters, equivalent to 'having root on all Debian installations'. A

That means one must only add keys that come from the DAM, remove keys upon
request of a few delegates (currently this is just James, I suppose), and
follow the already documented procedure to change keys to the letter,
without accepting exceptions ever.

This could probably be done using a secure software+hardware solution, and
James would not need to bother with keyring maintenance anymore.  Otherwise,
it is *high* time to have another person in the keyring maintenance team, so
that James is not a single point of failure anymore.

> I for one am _happy_ that James does not 'just' throw in the key if the
> name is remotely similar, but does indeed verify why this new key is

You're not the only one.  But nobody worth listening to has advocated
anything like that (not following the already documented procedures to
modify the keyring) in this thread.

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to: