On Friday 26 May 2006 07:06, Manoj Srivastava wrote: > On 25 May 2006, Thomas Bushnell told this: > > Manoj Srivastava <srivasta@debian.org> writes: > >> Based on this, I strongly suggest that mere signatures on a new > >> maintainers key from a DD be also not enough, since people have now > >> effectively proven how easily signatures may be obtained at a large > >> KSP by just about anyone with money for a easily faked ID. > > > > What would you suggest instead? > > Stop signing keys for Debian developers, since purchased ID's > are acceptable in this community? That is a fact not in evidence with supplied information. As I gather, Martin was carrying a passport, his German ID and the quasi-fake Transnational Republic ID. If I had been presented with his TR ID, I would probably laugh and say, "OK, now how about one from a real jurisdiction." -- Paul Johnson Email and IM (XMPP & Google Talk): baloo@ursine.ca Jabber: Because it's time to move forward http://ursine.ca/Ursine:Jabber
Attachment:
pgpAQtiEipMZf.pgp
Description: PGP signature