[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please revoke your signatures from Martin Kraff's keys

Manoj Srivastava <srivasta@debian.org> writes:

>         It has come to my attention that Martin Kraff used an
>  unofficial, and easily forge-able, identity device at a large key
>  signing party recently.  This was apparently to belabour the obvious
>  point that large KSP's are events where it is hard to reasonably
>  check. in a large international KSP, anything beyond matching
>  pictures/names/expiry dates, especially after an hour or so after
>  starting.

So, you are confident that the person who did this is in fact Martin
Kraff, right?

>         Based on this, I strongly suggest that mere signatures on a
>  new maintainers key from a DD be also  not enough, since people have
>  now effectively proven how easily signatures may be obtained at a
>  large KSP by just about anyone with money for a easily faked ID.

What would you suggest instead?

Reply to: