Re: A request for those attending key signing parties

To: debian-devel@lists.debian.org
Cc: "Keyring Maintainers" <keyring-maint@debian.org>
Subject: Re: A request for those attending key signing parties
From: "Thijs Kinkhorst" <thijs@debian.org>
Date: Tue, 1 Feb 2011 10:06:28 +0100
Message-id: <[🔎] 906938246402b2893e33b381b2fe3747.squirrel@wm.kinkhorst.nl>
In-reply-to: <20110131201818.GK13497@ftbfs.de>
References: <E1PjyoY-0003xV-OQ@tytso-glaptop> <20110131201818.GK13497@ftbfs.de>

On Mon, January 31, 2011 21:18, Martin Zobel-Helas wrote:
> a more theoretical question quite related to this:
>
> If one plans to have the key replaced in the keyring, and we have a
> fellow DD in the keyring who's only trust path to other Debian
> Developers goes via that key (this might become a real scenario when we
> do a bigger round of key replacements) will that key replacement really
> happen? Thus CCing keyring maintainers.

(I'm not a keyring maintainer.)

Currently connectedness has only been used to decide on entry into the
keyring. In a similar scenario, if you are signed by just one DD and that
DD retires from Debian, you are not removed from the keyring, even though
you're no longer connected to other DD's by trust paths. And that is not a
problem, because the process is used to establish identity. Your identity
has been established upon entry, and this fact is not lost when
connectedness of your key is reduced. Thus it's not essential to keep the
keys internally connected.

Cheers,
Thijs

Reply to:

Prev by Date: Bug#611698: nodejs: conflicts with package node needlessly
Next by Date: Re: Upstream "stable" branches and Debian freeze
Previous by thread: Re: The "node" command in Debian
Next by thread: Re: A request for those attending key signing parties
Index(es):
- Date
- Thread