[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

On 25 May 2006, Luca Capello uttered the following:

> Hello!
> On Thu, 25 May 2006 15:39:44 +0200, Henrique de Moraes Holschuh wrote:
>> On Thu, 25 May 2006, Manoj Srivastava wrote:
>>> It has come to my attention that Martin Kraff used an
>>> unofficial, and easily forge-able, identity device at a large key
>> [...]
>> Should you not have *signed* a message of this sort?  I certainly
>> won't do anything until I know for sure it came from you.  And
>> preferably, we need to hear Martin's side as well, before doing
>> anything hasty (like either signing keys, or revoking signatures of
>> keys).
> FYI, Martin's explanation is at [1], which passed on Planet Debian.

        Explanation? What we have here is an act of bad faith, in the
 guise of  demonstrating a weakness. In my experience, one act of bad
 faith often leads to others.

        What we have here is cracking the KSP. Cracking a KSP is of no
 big account; they are fragile things to start with.  And then there
 is the brag about the exploit, which is again sterotypical of
 crackers. Cracks are done for bragging rights, and thinly vieled as
 being done for the users own good (I defaced your web site to show
 you you need better security).

        But cracking the KSP is not earn very many bragging rights. So
 what's next? Cracking the NM by sending in fake candidates? Or
 perhaps cracking the legendary reputation that Debian has for
 solidity by passing in a back door? Now that would be a crack worth
 bragging about.

The chat program is in public domain. This is not the GNU public
license. If it breaks then you get to keep both pieces. (Copyright
notice for the chat program)
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: