On Wed, Nov 15, 2017 at 01:45:52PM +0100, Mattia Rizzolo wrote: > In many cases (such this particular one) people don't have a viable gpg > key anymore in the keyring: that means they can't email > changes@db.debian.org to update their LDAP details (theoretically, they > might still know the LDAP password and do it from there, but in practice > all the people who reach that point already forgot it). > So there is really a very technical issue to overcome for your proposal. I would be ok with saying that emeritus people who have a valid gpg key can still have email forwarding, exporting the emeritus keyring alongside the other keyrings, and handling email forwarding configuration changes via changes@db.debian.org, and key replacements as usual. It would exclude people who don't have a viable gpg key anymore in the keyring, or who are not interested in maintaining one, but that is already the case mostly anywhere in Debian, and I don't see it as a blocker for keeping forwarding working as long as someone is emeritus and has a key in the emeritus keyring. I would also be ok saying that people whose keys in the emeritus keyring become invalid over time, because they expire or because they are not replaced when needed, move to "removed" status after a while. Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>
Attachment:
signature.asc
Description: PGP signature