Re: Please revoke your signatures from Martin Kraff's keys

[Christian Pernegger <pernegger@gmail.com>]

> Stop signing keys for Debian developers, since purchased ID's are 
acceptable in this community? ;)

There's a difference between 'purchase' and 'pay for' in this context. I 
have always had to pay for any kind of ID card, be it passport, 
citizen's ID or student ID. You make it sound like he bought a *forged* 
ID, which I'm not sure he did.

The question should be who issued the ID, what checks were performed, 
and do you trust the issuing entity and/or their checks.

In this case the issuer was not affiliated with any government body, but 
they did check his passport before issuing the card. Should you 
therefore not trust it? I'm not so sure.

Case in point, I needed a new passport recently ... There was a single 
person in that (passport issuing) office, and lots of pristine passports 
lying around - I could have clubbed him over the head and got *original* 
passports for all the mafia in the city.
The official then asked me what my name was, and if I still lived at xy 
street. I said yes, and he printed a passport. I did not have to show 
ID, anyone who knew my name could've gotten that passport ... So you 
can't trust passports, either. What do you trust?

C.