Enrico Zini (DAM) <da-manager@debian.org> wrote:
> A natural person may only have one identity in Debian.
> This was effectively enforced before by requiring cross-signing keys,
> and relying on people doing the cross-signing to have key signing
> policies strong enough to reliably connect a key to a person.
Does "one identity" mean one key, or one user@debian.org?
I ask, because the occasional need to generate a new key from scratch means
giving up many cross-signatures. People often keep the old key alive for
awhile for this reason. I kept my 1994 era generated PGP2 format key alive
until at least 2010, even though it was too weak for new things.
My current key goes back to 2005, and it never got as many signatures as the
old key.
{I am still not, alas, an active Debian contributor. I wish I had time.
But, I'm happy to sign keys.... as I sit here in my Debconf 20 T-shirt}
--
Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
Attachment:
signature.asc
Description: PGP signature