Re: Keysigning in times of COVID-19

To: Federico Ceratto <federico.ceratto@gmail.com>, debian-project@lists.debian.org
Subject: Re: Keysigning in times of COVID-19
From: Jonas Smedegaard <dr@jones.dk>
Date: Mon, 17 Aug 2020 20:39:02 +0200
Message-id: <[🔎] 159768954219.3529538.3040549531150410986@auryn.jones.dk>
In-reply-to: <[🔎] CAG4RQzb_8SP5tz6QwJE92ZVQYrRZdrTamhNiwp1t3BrUWG+Urw@mail.gmail.com>
References: <[🔎] 20200806155421.vb6prsd7gyjnbhmd@enricozini.org> <[🔎] 20200806162855.GE13519@connexer.com> <[🔎] CAG4RQzb_8SP5tz6QwJE92ZVQYrRZdrTamhNiwp1t3BrUWG+Urw@mail.gmail.com>

Quoting Federico Ceratto (2020-08-17 20:17:49)
> On Thu, Aug 6, 2020 at 5:40 PM Roberto C. Sánchez <roberto@debian.org> wrote:
> > Perhaps instead of requiring "a valid DD signature" as the basis for
> > "important" project actions (e.g., uploading to the archive), we should
> > consider rather "degree of trust associated with a collection of one or
> > more signatures".
> 
> Forking the conversation a bit, I'm wondering what is the real threat
> that we want to mitigate.
> I guess the main one is: "a malicious DD uploads a package containing
> a backdoor"

Also: "a malicious DD votes twice"

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Attachment: signature.asc
Description: signature

Reply to:

Follow-Ups:
- Re: Keysigning in times of COVID-19
  - From: Wouter Verhelst <wouter@debian.org>

References:
- Keysigning in times of COVID-19
  - From: Enrico Zini <enrico@enricozini.org>
- Re: Keysigning in times of COVID-19
  - From: Roberto C. Sánchez <roberto@debian.org>
- Re: Keysigning in times of COVID-19
  - From: Federico Ceratto <federico.ceratto@gmail.com>

Prev by Date: Re: Keysigning in times of COVID-19
Next by Date: Re: Keysigning in times of COVID-19
Previous by thread: Re: Keysigning in times of COVID-19
Next by thread: Re: Keysigning in times of COVID-19
Index(es):
- Date
- Thread