Re: DAM Key and identity requirements

To: Michael Richardson <mcr+ietf@sandelman.ca>, debian-devel@lists.debian.org
Subject: Re: DAM Key and identity requirements
From: Joerg Jaspert <da-manager@debian.org>
Date: Tue, 15 Sep 2020 22:16:36 +0200
Message-id: <[🔎] 87k0wuyevv.fsf@lennier.ganneff.de>
Mail-followup-to: Michael Richardson <mcr+ietf@sandelman.ca>, debian-devel@lists.debian.org
Reply-to: Debian Account Managers <da-manager@debian.org>
In-reply-to: <[🔎] 6140.1600180263@localhost>
References: <20200913071104.qcx76k25q5dpt2cn@enricozini.org> <[🔎] 6140.1600180263@localhost>

On 15892 March 1977, Michael Richardson wrote:

    > A natural person may only have one identity in Debian.

> This was effectively enforced before by requiring cross-signing> keys,> and relying on people doing the cross-signing to have key> signing
    > policies strong enough to reliably connect a key to a person.

Does "one identity" mean one key, or one user@debian.org?


It means one identity. Translatable to user@

I ask, because the occasional need to generate a new key from scratchmeansgiving up many cross-signatures. People often keep the old key aliveforawhile for this reason. I kept my 1994 era generated PGP2 format keyalive
until at least 2010, even though it was too weak for new things.
My current key goes back to 2005, and it never got as many signaturesas the
old key.


Thats why we said nothing about the keys.

--
bye, Joerg

Reply to:

References:
- Re: DAM Key and identity requirements
  - From: Michael Richardson <mcr+ietf@sandelman.ca>

Prev by Date: Re: How much data load is acceptable in debian/ dir and upstream (Was: edtsurf_0.2009-7_amd64.changes REJECTED)
Next by Date: Re: How much data load is acceptable in debian/ dir and upstream (Was: edtsurf_0.2009-7_amd64.changes REJECTED)
Previous by thread: Re: DAM Key and identity requirements
Next by thread: Re: DAM Key and identity requirements
Index(es):
- Date
- Thread