Holger Levsen said [Tue, Jul 26, 2016 at 01:58:49AM +0000]:

> > But, again, find two DDs with active keys in the keyring with personal
> > policies different than mine, and I will accept it. Hell, I won't even
> > be able to know about it :)
>
> while I appreciate that you accept keys signed with other policies than
> yours, I don't think keyring maintainers should be willing to accept
> *all* signatures done by DDs.
>
> (And I do see the problem that you cannot know everything…)

Ack

> But still, if you *hear* some signatures have been done under fishy
> circumstances, I *do* think you should object.
>
> Else I^wsomeones may be tempted to try to game the system…
>
> IOW: please don't state you'd be willing to accept *any* signatures done
> by two DDs… maybe just adding a single word and saying "you'd *almost* be
> willing…" is enough to make the difference I think is important here.
>
> I fully understand your POV but if I were to take a similar stance,
> namely "I will sign any key presented under any ID to me, because I have
> no means whatsoever to properly verify IDs anyway" and if there then
> were several DDs with that policy… I don't think that would be good. And
> it would be worse if our keyring maintainers were to accept those IDs
> into Debian.

Just for the record: I agree with Holger here. We expect every Debian Project Member to be a responsible user of their key, and that includes not blindly signing anybody's key.

We do not currently have a policy on what to do in the event somebody is known to misuse the trust model we work with, but I think that a key used improperly could very well be treated as if it had been compromised, and removed from the keyring (as happened many years ago, when many people were storing their .gnupg/secring.gpg in project machines).

In short: The system can be gamed. We assume good will and best intentions from Debian people. Bad intentions will be punished.