Re: Keysigning via Video Conferencing

Jakub Wilk said [Thu, Jun 23, 2016 at 07:30:42PM +0200]:
> * Nikolaus Rath <Nikolaus@rath.org>, 2016-06-23, 09:23:
> >I am wondering if the extra burden is worth the gain in security. If
> >everyone were to follow this procedure then the bar to becoming a Debian
> >developer would be raised significantly.
> As a data point, if everybody[0]'s key signing policy had been that
> establishing "social bonds" was a prerequisite, I would have almost
> certainly never become a DD.
> [0] And by "everybody" I mean that one developer that happened to live in
> the same big city as me.

Of course, the same can be said for me. My first signature was by
Bdale, when he was invited to give a talk in Mexico (and I jumped to
find him), and my next three were by three DDs living at the time in
Munich, where I went for a conference. We had no previous knowledge
of each other.

I have at times advocated to DAM for accepting a DD with no signatures
on his key when it was clear they were unable to get any; I have (and
will) sign many keys without clearly meeting the criteria I
delineated, but always on a one-on-one basis (and never again on a
mass KSP).

I will not formally specify my signing policy as some do¹, as I use
this criteria just as a *criteria*, not as a hard guideline. And I
don't expect you or any of the participants on this thread to apply
the exact same criteria I do, much less with the same exceptions I
make. I just insist on showing my stand on this... And *try* to be
coherent with what I believe to be a right usage, without being at the
same time a PITA.

¹ From the people that have signed my key:

