[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Keysigning in times of COVID-19

On Thu, Aug 06, 2020 at 05:54:21PM +0200, Enrico Zini wrote:
> What do you think could be alternative key signing policies, that would
> be acceptable to you, that would not require traveling and meeting face
> to face?
What about an added dimension that may (or may not) affect the concept
of "alternative key signing policies"?

Perhaps instead of requiring "a valid DD signature" as the basis for
"important" project actions (e.g., uploading to the archive), we should
consider rather "degree of trust associated with a collection of one or
more signatures".

So, then a key not signed by any DD (directly or indirectly) might carry
a trust value of 0.  A key directly signed by 5 DDs, each of whose keys
are also directly signed by 5 other DDs, might have a trust value of 25
(or 5^2).  If the required trust value for an upload to the unstable
suite of the archive required a trust of 15, then the first key (trust
0) would not be able to upload while the second key (trust 25) would.
If someone only had a trust level of 7, they would need to find someone
(or more than one someone) to additionally sign an upload to bring the
aggregate trust level above 15.

The trust calculation may also account for the degree of connection.
E.g., the 5 DD x 5 DD example above might instead be calculated as 5 +
(5 x 1/2)^2 = 11.25, so that unique second degree signatures count half
as much as unique first degree signatures.

Of course, the concept of requiring multiple signatures does not work
for things like voting, but the trust concept could still be applied.
In effect, our current model requires a trust level of 1 on a GPG key in
order to be considered able to cast a valid vote.  This is in addition
to the requirement of having passed through the various qualifications
to be a DD and be accepted by the project.

In any event, it is just a random idea that I had.  It is not clear if
such an approach is even feasible or desirable.



Roberto C. Sánchez

Reply to: