Re: Please revoke your signatures from Martin Kraff's keys

[Florian Weimer <fw@deneb.enyo.de>]

* Manoj Srivastava:

>         I will not be signing his keys, ever, based on this action of
>  what I consider to be bad faith.  Based on discussion with other
>  people who seem to find this action amusing, but not unacceptable, I
>  find that my decision to vaive my personal requirements of two forms
>  of ID was probably a mistake, and I am probably not going to be
>  signing any of the keys.

Wouldn't it make more sense to encourage people to mark the signers of
Martin's key as non-trustworthy in their personal web of trust, at
least if the signatures were created in a specific time frame?
Signing a key does not express a trust relationship, only a vague
promise that you have checked that the user ID and the owner match.
The trustworthiness is an individual decision and has to be set by
each GnuPG user individually.

(And I'm still a bit baffled why there are so many signatures on the
Debian Archive Automatic Signing Key. 8-)