
Re: TLS encrypted source for Debian iso signing keys?



On Mon, Jul 02, 2012 at 10:49:14PM +0200, Jochen Spieker wrote:
> What I find more interesting is that the key 0x6294BE9B ("Debian CD
> signing key") only has nine signatures and only one from someone using
> his "official" @debian org address (0x3442684E, Steve McIntyre). That
> could surely be improved. I am a little bit disappointed to learn that
> even my fairly well-connected key doesn't help in finding a trust path
> to the CD signing key.

% gpg --list-sigs 6294BE9B                
pub   4096R/6294BE9B 2011-01-05
uid                  Debian CD signing key <debian-cd@lists.debian.org>
sig          1B3045CE 2011-01-07  Colin Tuckley <colin@tuckley.org>
sig          3442684E 2011-01-05  Steve McIntyre <steve@einval.com>
sig          A40F862E 2011-01-05  Neil McGovern <neil@halon.org.uk>
sig          C542CD59 2011-01-05  Adam D. Barratt <adam@adam-barratt.org.uk>
sig          63C7CC90 2011-01-05  Simon McVittie <smcv@pseudorandom.co.uk>
sig 3        6294BE9B 2011-01-05  Debian CD signing key <debian-cd@lists.debian.org>
sub   4096R/11CD9819 2011-01-05
sig          6294BE9B 2011-01-05  Debian CD signing key <debian-cd@lists.debian.org>

All of the above named individuals are Debian developers.  Note
that the UID shown is just one of several on their key:

% gpg --list-keys 1B3045CE 3442684E A40F862E C542CD59 63C7CC90
pub   1024D/1B3045CE 1999-07-09
uid                  Colin Tuckley <colin@tuckley.org>
uid                  [jpeg image of size 2652]
uid                  Colin Tuckley <colint@debian.org>
sub   2048g/5C5B9D12 1999-07-09

pub   4096R/3442684E 2009-05-09
uid                  Steve McIntyre <steve@einval.com>
uid                  Steve McIntyre <93sam@debian.org>
uid                  Steve McIntyre <stevem@chiark.greenend.org.uk>
sub   4096R/E2C26E29 2009-05-09

pub   4096R/A40F862E 2009-05-11
uid                  Neil McGovern <neil@halon.org.uk>
uid                  Neil McGovern <neilm@debian.org>
uid                  Neil McGovern <neil.mcgovern@collabora.com>
sub   4096R/B999855D 2009-05-11

pub   4096R/C542CD59 2009-07-11
uid                  Adam D. Barratt <adam@adam-barratt.org.uk>
uid                  Adam D. Barratt <adsb@debian.org>
uid                  Adam D. Barratt <adam@funky-badger.org>
sub   4096R/EC0E8DA0 2009-07-11

pub   4096R/63C7CC90 2009-05-08
uid                  Simon McVittie <smcv@pseudorandom.co.uk>
uid                  Simon McVittie <smcv@debian.org>
uid                  Simon James McVittie (born 1983-08-25)
uid                  Simon McVittie <simon.mcvittie@collabora.co.uk>
sub   4096R/20FB245D 2009-05-08 [expires: 2019-05-06]


Of these, I have signed Steve's key from when we met in Cambridge
earlier in the year, and I also signed Colin's new key (38C9D903)
but this isn't yet being used.  So I am just two hops to the key
in the web of trust.  I'm probably just another hop or two by
all the other keys, since I signed Adam and Simon's older keys,
and I also have lots of paths to the keys via other people's
keys.  Even if I had never met any of these people personally,
I'd still only be three or four hops away.



Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux    http://people.debian.org/~rleigh/
 `. `'   schroot and sbuild  http://alioth.debian.org/projects/buildd-tools
   `-    GPG Public Key      F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800
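
The hop count described in the message above, as an added example (not part of the original post): Python code that parses the legacy `gpg --list-sigs` layout quoted there and finds the shortest certification chain between two keys. The second key block in the sample is constructed from the author's statement that he signed Steve McIntyre's key, with 4083E800 taken from the tail of the fingerprint in his signature block; `parse_signers` and `trust_path` are names chosen here.

```python
import re
from collections import deque

# Constructed sample: the --list-sigs listing quoted in the message, plus a
# made-up block for 3442684E carrying a signature from 4083E800 (assumption
# based on "I have signed Steve's key"). Not real keyring output.
SAMPLE = """\
pub   4096R/6294BE9B 2011-01-05
uid                  Debian CD signing key <debian-cd@lists.debian.org>
sig          1B3045CE 2011-01-07  Colin Tuckley <colin@tuckley.org>
sig          3442684E 2011-01-05  Steve McIntyre <steve@einval.com>
sig          A40F862E 2011-01-05  Neil McGovern <neil@halon.org.uk>
sig          C542CD59 2011-01-05  Adam D. Barratt <adam@adam-barratt.org.uk>
sig          63C7CC90 2011-01-05  Simon McVittie <smcv@pseudorandom.co.uk>
sig 3        6294BE9B 2011-01-05  Debian CD signing key <debian-cd@lists.debian.org>
sub   4096R/11CD9819 2011-01-05
sig          6294BE9B 2011-01-05  Debian CD signing key <debian-cd@lists.debian.org>

pub   4096R/3442684E 2009-05-09
uid                  Steve McIntyre <steve@einval.com>
sig          4083E800 2012-01-01  Roger Leigh (constructed line)
"""

PUB = re.compile(r"^pub\s+\d+[A-Za-z]/([0-9A-F]{8})\b")
SIG = re.compile(r"^sig\b.*?\s([0-9A-F]{8})\s+\d{4}-\d{2}-\d{2}")

def parse_signers(text):
    """Map each primary key ID to the set of other keys that certified it."""
    signers, current = {}, None
    for line in text.splitlines():
        if m := PUB.match(line):
            current = m.group(1)
            signers.setdefault(current, set())
        elif line.startswith("sub"):
            current = None  # subkey binding signatures are not certifications
        elif current and (m := SIG.match(line)) and m.group(1) != current:
            signers[current].add(m.group(1))  # self-signatures are skipped
    return signers

def trust_path(signers, start, target):
    """Shortest chain start -> ... -> target where each key certified the next."""
    seen, queue = {target}, deque([[target]])
    while queue:
        path = queue.popleft()  # breadth-first, walking back from the target
        if path[0] == start:
            return path
        for signer in sorted(signers.get(path[0], set()) - seen):
            seen.add(signer)
            queue.append([signer] + path)
    return None  # no chain in the parsed listing
```

`--list-sigs` only lists signatures without verifying them, so run `gpg --check-sigs` on each key in a chain before relying on it, and compare full fingerprints rather than 8-digit key IDs.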

