On 6/14/06, Wesley J. Landaker <wjl@icecavern.net> wrote:
One other possibility would be to whitelist e-mails with valid
PGP-signatures from keys on the Debian keyring (and possibly
another "whitelist" keyring that is only used for this purpose). Actually,
this would be nice for all the Debian lists. =)
What about checking for signatures that aren't on the debian keyring, but have had the key signed by a DD... actually that could be done by your second option of having another whitelist keyring.
IANADD, but have signatures from DDs on my key. Given it's a criteria for NM, it seems reasonable to have here...