Bug#594907: ITP: kspsig -- Key Signing Party signature verification tool

[Joerg Jaspert <joerg@debian.org>]

>> Sounds like it should be in signing-party instead.
> Indeed it very well may want to be part of signing-party when
> it grows up... The primary rationale for it being separate now
> includes:

> 1. As this tool is making assertions about signature strength which
>    important to our web of trust it is recommended that this
>    tool get peer testing and review on it's own (as to avoid
>    versioning signing-party at this early stage).

> 2. It has been suggested that the correct implementation of
>    this tool is to read the keyring directly -- instead of using
>    gpg -- in which case the implementation may change significantly.

> If these goals should be accomplished without creating a
> separate package I would be happy to pursue that approach.

I dont get why those two reasons make it need an own package. The
implementation can well change even if its in s-p, as well as the
testing can happen there?

-- 
bye, Joerg
Contrary to common belief, Arch:i386 is *not* the same as Arch: any.