Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)
Dale Scheetz writes:
I think that either Dale or myself has misunderstood something here,
since his argument makes little sense from my (albeit limited)
knowledge of how PGP/GPG keysigning works. I've kept the quoted text
below because it seems to me to be the most succinct form of his
argument. To clarify, this argument only applies to people posessing a
key signed by a Debian developer.
AIUI, the purpose of PGP/GPG keysigning is for the signer to say "this
key belongs to the signee, and I have seen ID that satisfies me to
this extent". Typically, it also means "I trust the signee to sign
Therefore, what does it matter that I can't remember the face of the
person whose key I signed six months ago? I am still happy that I saw
good ID, and that if I get mail signed/encrypted with that key that it
comes from that person.
I reject the assertion that Debian needs a photo of the person (so
that we can meet them at the airport???). Debian does not have a
photograph of me, and I intend to keep it that way.
So, given that it is unecessary for our web of trust for the applicant
to provide an image, and that some applicants may be unhappy with
Debian keeping a photograph of them, I conclude that the requirement
for an image file in the case of people with keys signed by a debian
developer should be removed.
> Every applicant must provide an image file of a photograph of themselves,
> most desired is a passport or a photo ID, signed with their GPG key, in
> order to identify themselves to the group. This image is archived by the
> DAM as the record of the "eyeball" portion of the identification.
> If the key is already signed by a current Debian member, no further
> identification is necessary. Otherwise the more complex "handshake" clause
> is executed.
> Having a key that is signed by a Debian member, doesnot constitute
> "eyeball" contact, as many members have admitted that, although they
> certainly looked at ID during the keysigning, they are not certain that
> they can still identify the person by face.
> Having the assurance that the keyholder is the applicant (this comes from
> the signature on their key) coupled with the signed image provided by the
> applicant closes the eye/hand loop. Neither is sufficient without the
There's a red herring argument that "They might have just
downloaded a random public key", but we expect a PGP-signed message
from our applicants, which shows that they have the private key too.
For the humour-impaired, that was sarcasm
Rapun.sel - outermost outpost of the Pick Empire