Pierre-Elliott Bécue dijo [Sat, Jan 09, 2021 at 01:40:00PM +0100]: > I'm afraid Gunnar didn't take the habit of signing his mail and side > work, only his uploads of packages on Ubuntu repos. We'll have to see if > Keyring Maintainers would be okay with you endorsing his new key relying > on signed work he did in unbutu with his older one. > > Not sure of their answer. FWIW, in my opinion, key endorsements need to come from DDs, but don't necessarily have to cover Debian work -- "I have played CryptoChess with Suchand Such on a weekly basis for twelve years, and for three years already, he has always used 0x0000DEAD00BEEF00" would be valid -- it would be equivalent to what we get from a GPG certification. I would be more happy if the endorsement process mentioned publicly-accessible artifacts... But I understand it is not a requisite.
Attachment:
signature.asc
Description: PGP signature