On Wed, Jun 24, 2009 at 3:14 AM, Daniel Kahn Gillmor<d...@fifthhorseman.net> wrote:
> I think that misses a critical point; i want to use my OpenPGP key for a > variety of purposes both in and out of debian. I consider it a baseline > tool for managing my digital identity. While i'm happy to obey > debian-specific guidelines for debian-specific purposes, i have no > intention of obeying debian-specific guidelines for projects outside of > debian, except perhaps by coincidence. > > I'm *not* saying that i will sign keys blindly or anything, but there > are scenarios and groups i interact with where it is meaningful and/or > useful to sign a role key, a machine key, or a pseudonymous key, for > example. If debian makes up some debian-specific guidelines that say > "you must not sign pseudonymous keys", i cannot follow those > instructions without changing my key (or having a debian-specific key > unrelated to my non-debian identity, which seems to defeat the whole > point of the binding). Would subkeys help in this scenario? (hint hint, some good docs about real-world subkey usage are needed). -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org