[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: State of the debian keyring

Marco d'Itri dijo [Sun, Feb 23, 2014 at 07:57:43AM +0000]:
> gwolf@gwolf.org wrote:
> >So, what do you suggest?
> Persuade developers that they should sign the new key of people whose
> old key they have already signed, with no need to meet them in person.

I'm open to that if and only if the new keys have proper transition
statements. And if the original signatures were *really* done
carefully - Case in point, I took part of (too?) many massive key
signing parties with my old 8BB527AF (1024D) key. Particularly, the
DC5 to DC7 parties were mind-numbingly long, and the DC6 one was where
Martin Krafft lit an interesting and important flame by *proving* most
of use were not careful enough when checking identity papers.

Since my key transition to 4096R, I only sign to people I can
personally identify. And even so, I am certain several of the keys I
signed in 2009/2010 were to people I would probably not recognize
today (my face-to-name retention is quite deffective). So, no, I don't
usually sign keys even where transition documents ask me to do so. 

> (Also, my keyring update request has been waiting for 3 weeks now to be
> processed.)

Right. We (keyring-maint) usually work by batching requests and
spending some consecutive time on them. Our usual timeframe is once a
month, and it is due this next week. So, don't feel forgotten, we will
act on your request.

Attachment: signature.asc
Description: Digital signature

Reply to: