Bug#594907: ITP: kspsig -- Key Signing Party signature verification tool

[Tom Marble <tmarble@info9.net>]

On 08/30/2010 04:34 PM, Joerg Jaspert wrote:
> And this needs an own package because of ________________________
> 
> Sounds like it should be in signing-party instead.

Indeed it very well may want to be part of signing-party when
it grows up... The primary rationale for it being separate now
includes:

1. As this tool is making assertions about signature strength which
   important to our web of trust it is recommended that this
   tool get peer testing and review on it's own (as to avoid
   versioning signing-party at this early stage).

2. It has been suggested that the correct implementation of
   this tool is to read the keyring directly -- instead of using
   gpg -- in which case the implementation may change significantly.

If these goals should be accomplished without creating a
separate package I would be happy to pursue that approach.

Respectfully,

--Tom