[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: key sign

Em Qua, 2007-06-27 às 19:28 +0330, Amin Shali escreveu:
> Hi :)
> Can anyone please sign my key? 


Quoting http://www.debian.org/events/keysigning:

"You should never sign a key for somebody else you haven't met
personally. Signing a key based on anything other than first-hand
knowledge destroys the utility of the Web of Trust. If ones friend
presents other developers with your ID card and your fingerprint, but
you are not there to verify that the fingerprint belongs to you, what do
other developers have to link the fingerprint to the ID? They have only
the friend's word, and the other signatures on your key -- this is no
better than if they signed your key just because other people have
signed it!

"It is nice to get more signatures on ones key, and it is tempting to
cut a few corners along the way. But having trustworthy signatures is
more important than having many signatures, so it's very important that
we keep the keysigning process as pure as we can. Signing someone else's
key is an endorsement that you have first-hand evidence of the
keyholder's identity. If you sign it when you don't really mean it, the
Web of Trust can no longer be trusted."

If you want more information on how to get your key signed, you might
want to take a look at http://nm.debian.org/gpg.php

Guilherme de S. Pastore

Reply to: