Re: Why are in-person meetings required for the debian keyring?

To: debian-project@lists.debian.org
Subject: Re: Why are in-person meetings required for the debian keyring?
From: Rhonda D'Vine <rhonda@deb.at>
Date: Thu, 12 Feb 2015 19:22:29 +0100
Message-id: <[🔎] 20150212182228.GA11453@anguilla.debian.or.at>
Mail-followup-to: debian-project@lists.debian.org
In-reply-to: <[🔎] 87lhk3ior8.fsf@hands.com>
References: <[🔎] 87r3twgsvb.fsf@thinkpad.rath.org> <[🔎] 1423702677.5307.101.camel@russell-laptop.pc.brisbane.lube> <[🔎] 87lhk3ior8.fsf@hands.com>

* Philip Hands <phil@hands.com> [2015-02-12 08:15:55 CET]:
> Russell Stuart <russell-debian@stuart.id.au> writes:
> > On Wed, 2015-02-11 at 11:17 -0800, Nikolaus Rath wrote:
> > If it is indeed trying to do that, it fails miserably.   A DD signing a
> > key doesn't imply he is saying he is worthy of (re)inclusion into
> > Debian, so nobody uses it as a criterion.  If some random noob comes up
> > to DD with a valid credentials and asks them to sign their key, its
> > highly likely they will.  At major conferences this happens en-mass at
> > key signing parties(!)
> 
> You've managed to spectacularly miss my point.
> 
> If one insists on face-to-face meetings, there is a moderate chance that
> someone is going to notice that the same person is attempting to create
> a new persona in order to gain a reentry that we'd refuse if they
> presented themselves as the persona which was ejected.

 How would that happen?  If I were ill intended, I definitely wouldn't
meet up with the people that I had face-to-face meetings before, and
there is enough material of DDs to choose from to get my key signed?
How should someone notice me as the same person in that case?  I think
that reason is a bit flawed on that account.

 Said that, I've signed keys that I haven't seen a valid ID for, and I
know a fair amount of people that have signed my new key for which I
don't have a valid ID to present for.  That still happened in a
face-to-face meetings though.  The fingerprint is what was exchanged
face-to-face, and that to some degree guarantees that they do it on
their own will and not have someone pressure them to get the key signed.
To some degree of course, but people do behave different when they are
forced to do something they wouldn't do otherwise.

 There's nothing foolproof obviously, and also there's no hard ruling on
that, people have to apply their own judging in what they put their
trust in, and we (as in Debian) assume that we do that in the best of
our own interest and reasonings.

 So long,
Rhonda
-- 
Fühlst du dich mutlos, fass endlich Mut, los      |
Fühlst du dich hilflos, geh raus und hilf, los    | Wir sind Helden
Fühlst du dich machtlos, geh raus und mach, los   | 23.55: Alles auf Anfang
Fühlst du dich haltlos, such Halt und lass los    |

Reply to:

References:
- Why are in-person meetings required for the debian keyring?
  - From: Nikolaus Rath <Nikolaus@rath.org>
- Re: Why are in-person meetings required for the debian keyring?
  - From: Russell Stuart <russell-debian@stuart.id.au>
- Re: Why are in-person meetings required for the debian keyring?
  - From: Philip Hands <phil@hands.com>

Prev by Date: Re: Why are in-person meetings required for the debian keyring?
Next by Date: Re: Why are in-person meetings required for the debian keyring?
Previous by thread: Re: Why are in-person meetings required for the debian keyring?
Next by thread: Re: Why are in-person meetings required for the debian keyring?
Index(es):
- Date
- Thread