On Wed, Mar 12, 2003 at 09:10:36AM -0800, Matt Kraai wrote: > Developer X has a key A which is in the keyring. They have > another key B, which is signed by A, but is not in the keyring. > Applicant Y has a key M which is signed by B. > Is that acceptable? Hello, Depends on who owns key B, because we need to trust that /this person/ has checked Y's id properly before signing the key. Imho we can only do that if the person owning key B is Developer X. But if this is true applicant Y should simply write a mail to Developer X, asking him to sign key M with his Debian key (A)[1]. He can safely do this because he has already done the proper checks when signing key M with key X. cu andreas [1] "I'd like to become member of debian, ..." -- "See, I told you they'd listen to Reason," [SPOILER] Svfurl fnlf, fuhggvat qbja gur juveyvat tha. Neal Stephenson in "Snow Crash"
Attachment:
pgpvCgcgqawRB.pgp
Description: PGP signature