[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Debconf-discuss] list of valid documents for KSPs

Scripsit Manoj Srivastava <srivasta@debian.org>

>         Nothing that a general software developer can do to check an
>  ID is proof against a determined individual, we all assume that there
>  is a gentleman's agreement in place that such an attack is not
>  mounted.

If you _really_ believed that you could depend on people keeping any
gentleman's agreement, the whole charade of holding a KSP would be
completely pointless.

The only reason to hold a KSP is that one _does not_ believe that
people are capable of keeping gentlemen's agreements.

And you calling me and others naive for pointing out this obvious fact
is not going to change it.

>  good faith would have been to present the official ID and extend
>  the web of trust.

A security mechanism that only works in the non-presense of fraudsters
is no security mechanism at all.

Henning Makholm                                 "I can get fat! I can sing!"

Reply to: