Re: TLS encrypted source for Debian iso signing keys?
On Mon, Jul 02, 2012 at 10:49:14PM +0200, Jochen Spieker wrote:
> What I find more interesting is that the key 0x6294BE9B ("Debian CD
> signing key") only has nine signatures and only one from someone using
> his "official" @debian org address (0x3442684E, Steve McIntyre). That
> could surely be improved. I am a little bit disappointed to learn that
> even my fairly well-connected key doesn't help in finding a trust path
> to the CD signing key.
% gpg --list-sigs 6294BE9B
pub 4096R/6294BE9B 2011-01-05
uid Debian CD signing key <debian-cd@lists.debian.org>
sig 1B3045CE 2011-01-07 Colin Tuckley <colin@tuckley.org>
sig 3442684E 2011-01-05 Steve McIntyre <steve@einval.com>
sig A40F862E 2011-01-05 Neil McGovern <neil@halon.org.uk>
sig C542CD59 2011-01-05 Adam D. Barratt <adam@adam-barratt.org.uk>
sig 63C7CC90 2011-01-05 Simon McVittie <smcv@pseudorandom.co.uk>
sig 3 6294BE9B 2011-01-05 Debian CD signing key <debian-cd@lists.debian.org>
sub 4096R/11CD9819 2011-01-05
sig 6294BE9B 2011-01-05 Debian CD signing key <debian-cd@lists.debian.org>
All of the above named individuals are Debian developers. Note
that the UID shown is just one of several on their key:
% gpg --list-keys 1B3045CE 3442684E A40F862E C542CD59 63C7CC90
pub 1024D/1B3045CE 1999-07-09
uid Colin Tuckley <colin@tuckley.org>
uid [jpeg image of size 2652]
uid Colin Tuckley <colint@debian.org>
sub 2048g/5C5B9D12 1999-07-09
pub 4096R/3442684E 2009-05-09
uid Steve McIntyre <steve@einval.com>
uid Steve McIntyre <93sam@debian.org>
uid Steve McIntyre <stevem@chiark.greenend.org.uk>
sub 4096R/E2C26E29 2009-05-09
pub 4096R/A40F862E 2009-05-11
uid Neil McGovern <neil@halon.org.uk>
uid Neil McGovern <neilm@debian.org>
uid Neil McGovern <neil.mcgovern@collabora.com>
sub 4096R/B999855D 2009-05-11
pub 4096R/C542CD59 2009-07-11
uid Adam D. Barratt <adam@adam-barratt.org.uk>
uid Adam D. Barratt <adsb@debian.org>
uid Adam D. Barratt <adam@funky-badger.org>
sub 4096R/EC0E8DA0 2009-07-11
pub 4096R/63C7CC90 2009-05-08
uid Simon McVittie <smcv@pseudorandom.co.uk>
uid Simon McVittie <smcv@debian.org>
uid Simon James McVittie (born 1983-08-25)
uid Simon McVittie <simon.mcvittie@collabora.co.uk>
sub 4096R/20FB245D 2009-05-08 [expires: 2019-05-06]
Of these, I have signed Steve's key from when we met in Cambridge
earlier in the year, and I also signed Colin's new key (38C9D903)
but this isn't yet being used. So I am just two hops to the key
in the web of trust. I'm probably just another hop or two by
all the other keys, since I signed Adam and Simon's older keys,
and I also have lots of paths to the keys via other people's
keys. Even if I had never met any of these people personally,
I'd still only be three or four hops away.
Regards,
Roger
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' schroot and sbuild http://alioth.debian.org/projects/buildd-tools
`- GPG Public Key F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800
Reply to: