Re: Removing < 2048 bit keys from the Debian keyrings
Hi,
Jakub Wilk:
> Do you have any non-joke documentation about signing responsibly?
>
Signing a key is equivalent to saying that you think that the key belongs
to a particular individual and/or identity.
Whether that means "I regularly hang out with them at DebConf" or
"I met them in a keysigning queue last year, and their driver's license
from $STATE looked reasonably legit" is up to you; there's a GPG option
(via the *-cert-level options, see 'man gpg') to state how carefully
you did verify their identity, but ultimately it's up to you.
--
-- Matthias Urlichs