
Re: Keysigning via Video Conferencing



On Jun 23 2016, Ben Finney <ben+debian@benfinney.id.au> wrote:
> Nikolaus Rath <Nikolaus@rath.org> writes:
>
>> But how is your policy preventing this?
>
> If you're looking for claims of “This policy will absolutely guarantee
> the malicious behaviour is impossible”, of course that's not a
> believable claim and I don't expect anyone to seriously propose that. So
> I don't know what you're fishing for.

As I said in my other email, I am wondering if the extra burden is worth
the gain in security. If everyone were to follow this procedure then the
bar to becoming a Debian developer would be raised significantly.

It seems to me that malicious activities are made a little harder, but
for a well-meaning contributor it becomes a lot harder to get
signatures.

> What *is* claimed, by my reading, is that there is significantly more
> reason to be confident in an identity that is stable over multiple
> meetings, in the same social circles, with consequential social bonds
> and interactions.

Indeed, but I'm wondering why no one even seems to consider if this
gain in security is worth its price.

Best,
-Nikolaus


-- 
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

             »Time flies like an arrow, fruit flies like a Banana.«

