[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Endorsing Gunnar Hjalmarsson's key F235A25E8A2A9718D7D8BDA36C79687A51F6608C

Pierre-Elliott Bécue dijo [Sat, Jan 09, 2021 at 01:40:00PM +0100]:
> I'm afraid Gunnar didn't take the habit of signing his mail and side
> work, only his uploads of packages on Ubuntu repos. We'll have to see if
> Keyring Maintainers would be okay with you endorsing his new key relying
> on signed work he did in unbutu with his older one.
> Not sure of their answer.

FWIW, in my opinion, key endorsements need to come from DDs, but don't
necessarily have to cover Debian work -- "I have played CryptoChess
with Suchand Such on a weekly basis for twelve years, and for three
years already, he has always used 0x0000DEAD00BEEF00" would be
valid -- it would be equivalent to what we get from a GPG

I would be more happy if the endorsement process mentioned
publicly-accessible artifacts... But I understand it is not a

Attachment: signature.asc
Description: PGP signature

Reply to: