Quoting Peter Colberg (2016-06-23 20:39:52) > On Thu, Jun 23, 2016 at 07:30:42PM +0200, Jakub Wilk wrote: >> As as data point, if everybody[0]'s key signing policy had been that >> establishing "social bonds" was a prerequisite, I would have almost >> certainly never become a DD. > > I would like to add another data point as a recent DM. The union of > the DDs I have worked with and the DDs that were kind enough to meet > with me for key signing on their travel through my city is an empty > set. I think that Gunnar’s policy is perfectly fine. At the same time > I am glad that there are DDs who allow the Debian community to be an > open system. > > I am considering to participate in a DebConf eventually (since I have > read so many positive posts about the experience), but to me it is > important to get work done in Debian first and see whether I am in it > for the long run, before spending time and resources on travel to a > potentially faraway destination. I sign keys by a similar policy as Gunnar, it seems. But I do sign also people I have not met before... The logic I use is that I should be able to re-identify later. If I meet the person later I might have forgotten their name (I easily do) but if they remind me and tie it to something we talked about or did together, I should go "Ahhh!" rather than "hmmm". It is a balancing act. Easiest is to only trust your mother and very close friends through many years, but you also want to expand the web of trust (and maybe also social circles, but that is a _different_ matter). I think what can help here is expiry time on signatures: If my gut feeling says that the person I've discussed perl with for an hour does not really etch into my brain that efficiently, and I worry if we bump into each other, say 3 years from now, then I would've forgotten who it is. What I then do is sign but with an expiry of the key of 1-2 years. Expiry on signatures is relatively new to me, however, so I welcome input on how that is sensible or not. And also on how to eventually extend the lifespan. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Attachment:
signature.asc
Description: signature