
Re: A request for those attending key signing parties

Martin Zobel-Helas dijo [Mon, Jan 31, 2011 at 09:18:18PM +0100]:
> a more theoretical question quite related to this:
> If one plans to have the key replaced in the keyring, and we have a
> fellow DD in the keyring whose only trust path to other Debian
> Developers goes via that key (this might become a real scenario when we
> do a bigger round of key replacements) will that key replacement really
> happen? Thus CCing keyring maintainers.

<hat kind="keyring">
We have requested some people to hold their keys' transition in cases
where the older key had a vast amount of signatures and the new key
didn't. True, we do not check for every key update whether we are
creating islands, and we possibly are - And that's one of the reasons
we often encourage people to get more signatures (i.e. one signature
is too marginal, two or more are strongly encouraged). Of course, it
is not free of controversies - I am not naming specific cases on
public lists, but some people have been cut off from getting a key in
(after having lost access or trust to their previous keys) as they
were in no way connected to the keyring. And that sucks.

Still, I'd welcome additions to our suite telling us any adverse
effects (mainly, the creation of islands) done by a key replacement. I
fear it will be computationally intensive... But worth it. Of course,
assuming we will _not_ block somebody because they fell out of the WoT
(as their identity has already been checked in the past), but just
advising them to get more in contact.
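
Added example (not part of the original message and not the keyring team's tooling): a sketch of the island check discussed above, modelling the keyring as a directed graph of signatures and reporting which keys lose their trust path from a chosen anchor key once a key is replaced. The key names, the choice of a single anchor key and all function names are assumptions made for illustration.

```python
from collections import deque

def reachable(sigs, start):
    """Keys reachable from `start` by following signer -> signed-key edges."""
    seen, queue = {start}, deque([start])
    while queue:
        signer = queue.popleft()
        for signed in sigs.get(signer, ()):
            if signed not in seen:
                seen.add(signed)
                queue.append(signed)
    return seen

def replace_key(sigs, old, new, sigs_on_new, sigs_by_new):
    """Return a copy of the graph with `old` dropped and `new` added.

    Signatures made by or on `old` do not carry over: `new` starts with only
    the signers in sigs_on_new and the signatures it issued in sigs_by_new.
    """
    out = {k: {s for s in v if s != old} for k, v in sigs.items() if k != old}
    out[new] = set(sigs_by_new)
    for signer in sigs_on_new:
        out.setdefault(signer, set()).add(new)
    return out

def stranded_by_replacement(sigs, anchor, old, new, sigs_on_new, sigs_by_new):
    """Keys that had a trust path from `anchor` before the swap but not after."""
    before = reachable(sigs, anchor) - {old}
    after = reachable(replace_key(sigs, old, new, sigs_on_new, sigs_by_new), anchor)
    return before - after

# Constructed sample keyring (hypothetical names): signer -> keys it has signed.
KEYRING = {
    "alice": {"bob", "carol"},
    "bob": {"alice", "carol"},
    "carol": {"alice", "dave"},   # carol's old key is dave's only link
    "dave": {"carol"},
}

if __name__ == "__main__":
    # carol's new key is signed by alice only and has signed nobody yet.
    print(stranded_by_replacement(KEYRING, "alice", "carol", "carol2", {"alice"}, set()))
```

Each check is one breadth-first traversal before and one after the swap, so a report like this can be produced per pending replacement and used to advise the affected key holders.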

