[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

On Fri, May 26, 2006 at 11:57:09AM +0200, Michael Meskes wrote:
> On Thu, May 25, 2006 at 04:30:07PM -0500, Manoj Srivastava wrote:
> > On 25 May 2006, Andreas Tille spake thusly:
> > > Is there any reason to revoke my signature I have put on
> > > Martin's key after he showed me his passport?
> > 
> >         In my opinion, yes, if you consider subverting the KSP like
> >  that unacceptable behaviour.
> This may be a silly question but doesn't my signature only state that I
> certify this key really belongs to the person it seems to belong to?

It certifies that you've seen the person, that he's shown you his GPG
key which he had claimed to be his, and that you have a reasonable
suspicion that he is who he claims to be.

Given the huge number of different people who sign GPG keys, you cannot
reasonably assume anything more than the above about signatures from
anyone but yourself (i.e., it is not what you *should* check before
signing a key; these are only the checks that you can reasonably assume
to have been made).

That aside, personally, I don't know what the big fuzz is about. I know
who Martin Krafft is; I've seen him at a number of FOSDEM instances, and
I've seen him last year in Helsinki, where I called him by his name (to
which he reacted), and where literally hundreds of others did the same.
Considering that, I don't need a government-issued ID to be sure that he
is indeed who he claims to be. I suspect the same is true for many of
the other Debian people there.

I'd think it'd be very hard to be impersonating someone at a DebConf

Fun will now commence
  -- Seven Of Nine, "Ashes to Ashes", stardate 53679.4

Reply to: