Re: Please revoke your signatures from Martin Kraff's keys
On 25 May 2006, Thomas Bushnell told this:
> Manoj Srivastava <firstname.lastname@example.org> writes:
>> It has come to my attention that Martin Kraff used an unofficial,
>> and easily forge-able, identity device at a large key signing party
>> recently. This was apparently to belabour the obvious point that
>> large KSP's are events where it is hard to reasonably check. in a
>> large international KSP, anything beyond matching
>> pictures/names/expiry dates, especially after an hour or so after
> So, you are confident that the person who did this is in fact Martin
> Kraff, right?
not any more.
>> Based on this, I strongly suggest that mere signatures on a new
>> maintainers key from a DD be also not enough, since people have now
>> effectively proven how easily signatures may be obtained at a large
>> KSP by just about anyone with money for a easily faked ID.
> What would you suggest instead?
Stop signing keys for Debian developers, since purchased ID's
are acceptable in this community? ;) At this point, I am not sure what
my stance is going to be.
The Law of the Letter: The best way to inspire fresh thoughts is to
seal the envelope.
Manoj Srivastava <email@example.com> <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C