
Re: mentors.debian.ORG?

Hi Christoph,

This is off-topic to your questions, but I had better say this now rather
than forget about this idea:

For the new users registration process what about making mentors:

 * require the key to be in a keyserver so it can fetch it from there, and
remove the current 'upload your key' way.
   Reasoning: Potential sponsors, in theory, should verify the signature of
the package they may sponsor, and in order to do this they need to be able to
get the public key from somewhere. Making this a requirement would also
make people more aware of the keyservers and their purpose.

 * and once the key has been imported in mentors' local keyring, the user
should fetch mentors' public key in order to send an encrypted message
either via web or via email to mentors in a format such as the following so
the new account is created:
Email: john@doe.com
Password: foobar
   Reasoning: just like for my previous point, users need to be aware of the
capabilities and uses of GPG/PGP keys. And not to mention that in theory it
is a safer way to transmit passwords over the net instead of dummy https.

A similar process could be used when the user wishes to reset the password
of the web account.
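
A server-side check for the flow proposed above, as an added example that is not part of the original message or of the mentors code. It assumes the registration message is signed as well as encrypted and that gpg was run with `--status-fd`; the `KEYRING` index, the function names and the sample status lines are constructed for illustration.

```python
import re

# Constructed sample: plaintext recovered by `gpg --decrypt`, in the proposed format.
SAMPLE_BODY = "Email: john@doe.com\nPassword: foobar\n"
# Constructed sample: status lines from `gpg --status-fd`; fingerprint is a placeholder.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_STATUS = (
    "[GNUPG:] DECRYPTION_OKAY\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 John Doe <john@doe.com>\n"
    f"[GNUPG:] VALIDSIG {FPR} 2007-03-01 1172707200 0 4 0 1 2 00 {FPR}\n"
)
# Hypothetical index built when keys are fetched from the keyserver:
# fingerprint -> e-mail addresses found in that key's user IDs.
KEYRING = {FPR: {"john@doe.com"}}

FIELD = re.compile(r"^(Email|Password): (.+)$")

def parse_body(text):
    """Return the two fields; reject unknown, duplicate or missing ones."""
    fields = {}
    for line in text.strip().splitlines():
        m = FIELD.match(line)
        if not m or m.group(1) in fields:
            raise ValueError(f"unexpected line: {line!r}")
        fields[m.group(1)] = m.group(2)
    if set(fields) != {"Email", "Password"}:
        raise ValueError("both Email and Password are required")
    return fields

def signer_fingerprint(status):
    """Fingerprint from VALIDSIG, only if decryption also succeeded; else None."""
    decrypted, fpr = False, None
    for line in status.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] == "DECRYPTION_OKAY":
            decrypted = True
        elif parts[1] == "VALIDSIG" and len(parts) > 2:
            fpr = parts[2]
    return fpr if decrypted else None

def accept_registration(body, status, keyring):
    """Accept only when the signing key is known and carries the claimed e-mail."""
    fpr = signer_fingerprint(status)
    if fpr is None or fpr not in keyring:
        return None
    fields = parse_body(body)
    if fields["Email"].lower() not in keyring[fpr]:
        return None  # key does not vouch for this address
    # The password would be hashed and stored here; it is never returned or logged.
    return {"email": fields["Email"].lower(), "fingerprint": fpr}
```
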

