On 2020-08-06 11:54 a.m., Enrico Zini wrote: > What do you think could be alternative key signing policies, that would > be acceptable to you, that would not require traveling and meeting face > to face? Hello Enrico :) Thank you for bringing this up. On 2020-08-06 1:26 p.m., Johannes Schauer wrote: > So in my opinion (and please correct my assumptions if they are > wrong), an acceptable key signing policy would also be one, where a > prospective DM has shown over several months to produce work that is > always signed with the same key and maybe even communicated (for > example via email, maybe even encrypted) using that GPG key. This makes sense. Whoever advocated for me to become a DD advocated for the person that was signing patches with E301 54F5 429F FBB9 B22E 49C2 DA82 830E 3CCC 3A3A. They had never met me. It didn't matter. My key was added to the keyring because whoever was signing emails and uploaded with that key seemed to care enough about Debian and seemed to produce work that is good enough to be let in the archive. There were also DD signatures on my key at the time, but none of them had worked with me. They only loosely verified that the awkward guy at the coffee shop received or intercepted emails sent at alexandre@alexandreviau.net. I have recently advocated for somebody to become DM. I have some indirect connection with him in the real world, but I have never met him in person. Having his key signed is blocking his NM DM process. I am sure that I "know" this guy. He signs all of his messages with the same PGP key. He signs all of his patches with the same PGP key. He cares about Debian. He asks good questions. If we meet at DebConf, I'll be able to tell that its him. I'll point him to you guys so that you know who he is. We will organize a video call, just to meet outside of emails, but I won't verify his ID, and I will sign his key so that we can move forward. Feel free to attribute whatever value that you want to that signature. I think that given my history with that person it holds much more values than the 2-minutes KSP ones. Cheers, -- Alexandre Viau aviau@debian.org
Attachment:
signature.asc
Description: OpenPGP digital signature