On 2021-01-10 01:44, Pierre-Elliott Bécue wrote:
Le dimanche 10 janvier 2021 à 01:10:34+0100, Gunnar Hjalmarsson a écrit :What trust of such specific interactions between two persons do you get in a blank copy of the same statement?Personally I found it natural when I saw it, given the content and the fact that my interaction with Sebastien and Iain has been very similar over the years. But it's of course up to you and your colleagues - not me - to decide what is satisfactory.But their personalities are not the same, and if these statements were not public, I suppose that both texts would be quite different, but I may be wrong.
Some background:I contacted Iain and Sebastien via the same message and asked if they were willing to endorse my key. They both work for Canonical, mostly with the Ubuntu desktop, interact with each other more or less daily on various matters, and meet IRL regularly at sprints etc.
So when I noticed the copying, my thought was that they seemed to have talked and agreed on a model for the wording of the statement which both could be fine with. It didn't cross my mind that the fact that the statements were public had anything to do with it.
Well, if the two statements did not contain the same typo, I'd probably have been nicer in the way I said it, but in the current case, it made me believe that at least one person did not write and review their endorsement which made me wonder how serious the key endorsement thing was taken compared to the classic key signing part.
While I now can understand your reaction, this is my interpretation: While Sebastien and/or Iain decided to not reinvent the wheel, the thought that any of them would have blindly copied the statement, without own thought and consideration, is completely foreign to me.
Having spent quite some time bringing this solution alive to try solving the key signing issue raised by the COVID outbreak, I consider it as something important to not weaken our way of trusting keys and people using these.
My deepest respect for that.
Apart from that, I have the feeling that here you mixed up me raising doubts with me using inappropriate phrasing to state my doubts, which may occur as English is not my native language. While I can feel and be sorry for the latter, I do not about the former.
Fair enough. (And being a non-native myself, I have been in similar situations, so I have no difficulties to understand that either.)
But let's close the book on this, including your and my reactions, and start afresh.
++++++++++++++++++++++++++++
Is your 2048R key signed by DDs?
Nope, we are not that lucky.
Otherwise you'll need to get some endorsements for that key.
Right. And I will turn to Iain and Sebastien again and ask if they arewilling to provide new endorsements. (Looks like Enrico Zini already did that, btw.)
To switch, make it active in your nm profile, resubmit your intent, SC/DMUP statements
Done.
and I'll remove the ones you signed with your new key.
Thanks for your patience! Gunnar Hjalmarsson
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature