On Wed, Mar 12, 2003 at 09:10:36AM -0800, Matt Kraai wrote:
> Developer X has a key A which is in the keyring. They have
> another key B, which is signed by A, but is not in the keyring.
> Applicant Y has a key M which is signed by B.
> Is that acceptable?
Hello,

Depends on who owns key B, because we need to trust that /this person/
has checked Y's id properly before signing the key. Imho we can only
do that if the person owning key B is Developer X.

But if this is true applicant Y should simply write a mail to
Developer X, asking him to sign key M with his Debian key (A)[1]. He
can safely do this because he has already done the proper checks when
signing key M with key X.

cu andreas

[1] "I'd like to become member of debian, ..."
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurl fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"