Re: Keysigning via Video Conferencing
On Jun 23 2016, Ben Finney <ben+debian@benfinney.id.au> wrote:
> Nikolaus Rath <Nikolaus@rath.org> writes:
>
>> But how is your policy preventing this?
>
> If you're looking for claims of “This policy will absolutely guarantee
> the malicious behaviour is impossible”, of course that's not a
> believable claim and I don't expect anyone to seriously propose that. So
> I don't know what you're fishing for.
As I said in my other email, I am wondering if the extra burden is worth
the gain in security. If everyone were to follow this procedure then the
bar to becoming a Debian developer would be raised significantly.
It seems to me that malicious activities are made a little harder, but
for a well-meaning contributor it becomes a lot harder to get
signatures.
> What *is* claimed, by my reading, is that there is significantly more
> reason to be confident in an identity that is stable over multiple
> meetings, in the same social circles, with consequential social bonds
> and interactions.
Indeed, but I'm wondering why no one even seemes to consider if this
gain in security is worth its price.
Best,
-Nikolaus
--
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F
»Time flies like an arrow, fruit flies like a Banana.«
Reply to: