Re: Cuban prospective DD can't acomplish NM identification

To: debian-newmaint@lists.debian.org
Subject: Re: Cuban prospective DD can't acomplish NM identification
From: Jonathan McDowell <noodles@earth.li>
Date: Thu, 20 Aug 2009 17:06:27 +0100
Message-id: <[🔎] 20090820160627.GO6635@earth.li>
In-reply-to: <[🔎] 20090820130258.GB10197@cajita.gateway.2wire.net>
References: <[🔎] 1250686133.28769.7.camel@desktop> <[🔎] 20090819163528.GA26854@capsaicin.mamane.lu> <[🔎] 20090819231238.GI9776@ngolde.de> <[🔎] 20090820060904.GA31793@rivendell> <[🔎] 20090820130258.GB10197@cajita.gateway.2wire.net>

On Thu, Aug 20, 2009 at 08:02:59AM -0500, Gunnar Wolf wrote:
> Raphael Hertzog dijo [Thu, Aug 20, 2009 at 08:09:04AM +0200]:
> > > > Was it not so that the "DAM phone contact" which is (nearly?)
> > > > always set to "not required" in NM reports was about that, i.e.
> > > > if the applicant cannot get near a DD, then the DAM talks to him
> > > > on the phone, checking he is a real live individual, maybe
> > > > reading his key fingerprint over the phone, and put the key in
> > > > the keyring based on that?
> > > 
> > > I hope not, having a chat over the phone is no id check.
> > 
> > Yet that's the only id check that happened to me... (except the
> > numerous signatures that I got after becoming DD.)
> 
> Well, the times they are a' changin'.
> 
> At some point in history it was determined that was not enough of an
> ID check. Possibly, we should make some analysis on the current
> keyrings to find if there are DDs (possibly among the old-timers) who
> do not have any cross-signatures — I am adding Jonathan
> (keyring-maint) on Cc: to this mail (in case he is not following this
> list) to check if he is aware of any such check.

I'm on list so no need to CC me. I've been avoiding chipping in because
it's a difficult problem. ;)

You can see stats for the keyring over time at:

http://keyring.debian.org/stats/

In particular looking at:

http://keyring.debian.org/stats/2009-08-12/output/status.txt

we presently have 1035 keys (PGP + GPG) with 941 of them reachable from
the strong set and a strong set of 876. So there are 94 keys not tied
into our central web of trust and a further 65 not as tightly tied in as
we'd like. Obviously getting them linked in would be great (or purging
the keys if they're weak or the DD is no longer active).

In terms of the specific example here of Adrian I'd defer to DAM to make
the decision. Normally a key with at least 2 DD signatures on it is
preferred for new additions, or being generally linked into the wider
web of trust if that's not possible. However if DAM has made sufficient
checks to be happy to give someone an account on Debian boxes and
welcome them into the project then I trust their judgement.

J.

-- 
Revd. Jonathan McDowell, ULC | I don't tip.

Reply to:

References:
- Cuban prospective DD can't acomplish NM identification
  - From: Adrian Perez <adrianperez.deb@gmail.com>
- Re: Cuban prospective DD can't acomplish NM identification
  - From: Lionel Elie Mamane <lionel@mamane.lu>
- Re: Cuban prospective DD can't acomplish NM identification
  - From: Nico Golde <nico@ngolde.de>
- Re: Cuban prospective DD can't acomplish NM identification
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: Cuban prospective DD can't acomplish NM identification
  - From: Gunnar Wolf <gwolf@gwolf.org>

Prev by Date: Re: Cuban prospective DD can't acomplish NM identification
Next by Date: Re: Cuban prospective DD can't acomplish NM identification
Previous by thread: Re: Cuban prospective DD can't acomplish NM identification
Next by thread: Re: Cuban prospective DD can't acomplish NM identification
Index(es):
- Date
- Thread