
Re: Removing < 2048 bit keys from the Debian keyrings



On Sun, Aug 31, 2014 at 01:27:11PM +0100, peter green wrote:
> If you have signed someone's old key is it considered "responsible" to
> sign their new key based on a transition statement signed by the old
> key? Or is a new face-to-face meeting required? I've seen plenty of
> (sometimes conflicting) advice on signing keys of a person you have
> never signed keys for before but not much on the transition situation.

This topic is in the realm of personal signing policies, so it's
probably normal to have conflicting advice among us.

FWIW, my take on this is that I'm fine with trusting transition statements
as a basis for signing a new key, but only if I consider the person doing
the transition to be an active member of our community with whom I
interact on a regular basis (even remotely). My rationale for this is
that if someone disappears from my radar for a very long time and then
shows up just for transitioning to a new key, I'd have no way to figure
out that something fishy with her key might be going on.

In practice, this might become a fairly strict requirement, and I've
keysigned on the basis of a transition statement only twice over the
past 5 years. YMMV.

Cheers.
-- 
Stefano Zacchiroli  . . . . . . .  zack@upsilon.cc . . . . o . . . o . o
Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o
Former Debian Project Leader  . . @zack on identi.ca . . o o o . . . o .
« the first rule of tautology club is the first rule of tautology club »

Attachment: signature.asc
Description: Digital signature
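Whatever one's policy on when a transition statement is enough, the mechanical part of checking one is the same, and it is easy to get wrong. The script below is an added example for this archive page, not code from the thread or from the Debian keyring maintainers: it builds throwaway keys in a private GNUPGHOME, produces a clearsigned transition statement, and runs the two checks a keysigner should make before signing the new key: that the statement carries a good signature from the old key specifically (a statement signed only by the new key proves nothing), and that the fingerprint the statement announces is exactly the fingerprint of the key about to be signed. It assumes gpg 2.1 or later (for --quick-gen-key); the user IDs, fingerprints and statement wording are all constructed inside the script.

```shell
#!/bin/sh
# Added example, not code from the thread: the checks a keysigner can run on a
# key transition statement before signing someone's new key. Requires gpg 2.1+
# (for --quick-gen-key). All keys, names and the statement text are constructed
# here inside a throwaway GNUPGHOME; nothing touches your real keyring.
set -e
command -v gpg >/dev/null 2>&1 || { echo "gpg not found, skipping" >&2; exit 0; }

# Run every gpg call against a fresh, private keyring.
setup_sandbox() {
  GNUPGHOME=$(mktemp -d); export GNUPGHOME
  chmod 700 "$GNUPGHOME"
}

teardown_sandbox() {
  gpgconf --kill gpg-agent >/dev/null 2>&1 || true
  rm -rf "$GNUPGHOME"
}

# Generate an unprotected ed25519 signing key for the given user ID and
# print the fingerprint of its primary key.
gen_key() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-gen-key "$1" ed25519 sign 0 2>/dev/null
  gpg --batch --with-colons --list-keys "$1" 2>/dev/null \
    | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Produce a clearsigned transition statement: signed with the key selected
# by $1, announcing fingerprint $2 as the new key.
make_statement() {
  printf 'I am transitioning to a new OpenPGP key.\nNew key fingerprint: %s\n' "$2" \
    | gpg --batch --quiet --yes --local-user "$1" --clearsign 2>/dev/null
}

# The two checks that matter before signing:
#  1. the statement carries a good signature from the OLD key (fingerprint $2),
#     not merely from "some key"; a statement signed only by the new key proves
#     nothing, since anyone can produce one;
#  2. the fingerprint the statement announces equals the fingerprint of the
#     key you are actually about to sign ($3), so a substituted key is caught.
# Prints ok, bad-signature or mismatch.
verify_transition() {
  statement=$1; old_fpr=$2; candidate_fpr=$3
  status=$(gpg --batch --status-fd 1 --verify "$statement" 2>/dev/null || true)
  case "$status" in
    *"VALIDSIG $old_fpr "*) ;;
    *) echo bad-signature; return 0 ;;
  esac
  claimed=$(gpg --batch --quiet --decrypt "$statement" 2>/dev/null \
            | sed -n 's/^New key fingerprint: //p')
  if [ "$claimed" = "$candidate_fpr" ]; then echo ok; else echo mismatch; fi
}

# Walk through the genuine case and the two failure cases; prints the verdicts.
demo() {
  setup_sandbox
  old=$(gen_key 'Old Key <old@example.org>')
  new=$(gen_key 'New Key <new@example.org>')
  other=$(gen_key 'Impostor <impostor@example.org>')

  make_statement old@example.org "$new" > "$GNUPGHOME/genuine.asc"
  # A "transition" signed only by the new key itself: worthless as evidence.
  make_statement new@example.org "$new" > "$GNUPGHOME/self-signed.asc"

  good=$(verify_transition "$GNUPGHOME/genuine.asc" "$old" "$new")
  forged=$(verify_transition "$GNUPGHOME/self-signed.asc" "$old" "$new")
  swapped=$(verify_transition "$GNUPGHOME/genuine.asc" "$old" "$other")
  teardown_sandbox
  echo "$good $forged $swapped"
}

demo   # prints: ok bad-signature mismatch
```

The fingerprint comparison is done against the key you intend to sign, taken from your own keyring, not against whatever key is attached to the statement; the VALIDSIG status line is matched on the full fingerprint rather than a key ID so a key collision on the short ID cannot pass the first check.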

