Looking for Advocate/Sponsor
Hello all, I am looking for an Advocate/Sponsor. I have been developing free software for some time and wish to increase my user base (and developer base too!) by releasing debian packages for my work (it would also give me a warm and furry feeling to be assisting with Debian). I have been able to create lint-free debian binary packages for my xmldb library (xmldb.sf.net) and will shortly get around to working out making a source package as well. My other major projects include a Java Decompiler (written in C) and a mod music tracker called KegTracker, both of which I rarely work on these days, but it would be a pity if they were not made more available. I've recently moved to London and if I can get someone here to sign my key, it's possible that I can get one of the debian developers I know back in Sydney to sponsor my package. But it would probably be easier to get someone here to do that too. Any takers? Best regards, Pete Ryland msg05199/pgp0.pgp Description: PGP signature
Looking for Advocate/Sponsor
Hello all, I am looking for an Advocate/Sponsor. I have been developing free software for some time and wish to increase my user base (and developer base too!) by releasing debian packages for my work (it would also give me a warm and furry feeling to be assisting with Debian). I have been able to create lint-free debian binary packages for my xmldb library (xmldb.sf.net) and will shortly get around to working out making a source package as well. My other major projects include a Java Decompiler (written in C) and a mod music tracker called KegTracker, both of which I rarely work on these days, but it would be a pity if they were not made more available. I've recently moved to London and if I can get someone here to sign my key, it's possible that I can get one of the debian developers I know back in Sydney to sponsor my package. But it would probably be easier to get someone here to do that too. Any takers? Best regards, Pete Ryland pgpFKuAMnx083.pgp Description: PGP signature
Need an advocate/sponsor
Hi, I'm looking for an Advocate and a Sponsor for my Debian NM application. I debianized Elserv. Elserv is an HTTP server which runs on Emacs. This is distributed under the GPL. Official web site is follows: http://www.gohome.org/elserv/ My debian pacakges is follow: http://www.koka-in.org/~bg66/debian/ I want someone to inspect my package and please become my advocate and sponsor. My status page for applicant is follow: http://nm.debian.org/nmstatus.php?email=bg66%40koka-in.org Regards, -- OHASHI Akira [EMAIL PROTECTED] [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Need an advocate/sponsor
Hi, I'm looking for an Advocate and a Sponsor for my Debian NM application. I debianized Elserv. Elserv is an HTTP server which runs on Emacs. This is distributed under the GPL. Official web site is follows: http://www.gohome.org/elserv/ My debian pacakges is follow: http://www.koka-in.org/~bg66/debian/ I want someone to inspect my package and please become my advocate and sponsor. My status page for applicant is follow: http://nm.debian.org/nmstatus.php?email=bg66%40koka-in.org Regards, -- OHASHI Akira [EMAIL PROTECTED] [EMAIL PROTECTED]
Need an Advocate/Sponsor
Hello, I'm looking for an Advocate and a Sponsor for my Debian NM application. My qualifications include being a programmer with hands in the LyX project (http://www.lyx.org/), being the developer of xmms-volnorm (http://volnorm.sourceforge.net/) this is packaged by Adrian Bunk. I've recently did the final stage of switching completely to Debian (it was installed alongside RedHat for 6 months now), and started to package programs that I needed in my transition. I already have a finished package of xmmsctrl (admittedly a trivial package), and in the works of packaging new. xmmsctrl is a command line tool to control XMMS, usefull to bind keys of multimedia keyboards to control XMMS (I use it with sawfish). new is a templating system, basically you hold a bunch of templates for various files and just 'new filename' to get the new file from a template, very convenient to include the GPL at the top and various other trivia like name and date. Thanks for you time, Baruch -- Baruch Even http://baruch.ev-en.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: GPG Key Signing (Was: Advocate/Sponsor)
On Thu, Jun 28, 2001 at 10:27:54AM -0700, John H. Robinson, IV wrote: On Thu, Jun 28, 2001 at 12:13:37PM -0500, Steve Langasek wrote: we should also require them to demonstrate a clear understanding of PKI as part of the NM process. manoj came up with a pretty good protocol to sign a key. i have it available in HTML at http://people.debian.org/~jaqque/keysign.html it does have some weaknesses, but it is a lot stronger than the ``oh, i've met you, i have checked your ID, and off we go'' comments welcome. Nice to see you called it 'Manoj's Singing-Protocol' ;) -john -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Eric VAN BUGGENHAUT [EMAIL PROTECTED]
Need an advocate/sponsor
Hi! I'm searching for a Sponsor/Advocate I have packaged: The Flink mailchecker is a small panelapplet for the GNOME panel. It features support for multiple accounts, so that you will not need to have several applets for checking different accounts, Flink is capable to have (almost) an infinite amount of accounts configured. Flink supports POP3, IMAPv4 and mbox right now. Flink homepage: http://flink.leyman.nu/ My debian packages: deb http://www.mikan.net/~mikan/debian/ ./ deb-src http://www.mikan.net/~mikan/debian/ ./ Flink was mostly a learning project, how to create a package etc. But I will continue to support it and help the upstream to include sasl support in it's IMAP mode. I have begun work on a new version of arla (orphaned by [EMAIL PROTECTED]) but I'm not done yet. I have gotten it to build, but I need to figure out how it should create an source package for building kernel modules. I haven't filled an ITP yet, because I want to get an advocate/sponsor first, so I feel that I'm on the right track. CU Mikael Andersson [EMAIL PROTECTED] PS Sorry for my bad(?) english, it's not my primary language, and it's late in sweden :-) DS
Re: GPG Key Signing (Was: Advocate/Sponsor)
Samuel == Samuel Tardieu [EMAIL PROTECTED] writes: Samuel Well, then why not talk about id signing instead of key Samuel signing which exists but designates a completely different Samuel thing that also exists in GPG? Because these procedures have been known as key signings since the beginning of time? That anyone who works with PGP/GPG already knows what it means? Because most people use language to sommunicate, and communication implies a basis set of accepted semantics and language, and the accepted nomenclature is key signing? Because I am more interested in conveying my ideas than nit picking irrelevant details? manoj -- There are bugs and then there are bugs. And then there are bugs. Karl Lehenbauer Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/%7Esrivasta/ 1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: GPG Key Signing (Was: Advocate/Sponsor)
Samuel == Samuel Tardieu [EMAIL PROTECTED] writes: Samuel It has an enormous flaw: you do not sign a key, you sign an Samuel id. That means that checking for one e-mail address for being Samuel valid and signing all the ids is just bogus. You may use this Samuel protocol, but you have to repeat each for every email Samuel address you are going to sign. Actually, the real flaw seems to be that my email assumed that the protocol was going to be used by people who had a modicum of inductive reasoning. The outline mentions just one ID in the key being verified and signed, and I assumed that anyone this concerned about security would realize that the same needed to be done for evey ID one needed to verify. Quite obviously I was mistaken in my assumption. John, could you please add the iteration over email ID's to the protocol? == To Have Your Key Signed 4 ... You may receive separate emails for each email ID in your key To Sign Another Key put 6, 7, and 8 in a loop: For each address on the key; do: 6 ... 7 ... 8 ... done Double Key-Signing Same as above, except 6,7,8, and 9 should be in the loop. 10. You may wish to independenty send email to each email ID on the other persons key before signing that identity. == manoj -- The sight of death frightens them [Earthers]. Kras the Klingon, Friday's Child, stardate 3497.2 Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/%7Esrivasta/ 1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: GPG Key Signing (Was: Advocate/Sponsor)
On 29/06, Manoj Srivastava wrote: | Actually, the real flaw seems to be that my email assumed that | the protocol was going to be used by people who had a modicum of | inductive reasoning. The outline mentions just one ID in the key | being verified and signed, and I assumed that anyone this concerned | about security would realize that the same needed to be done for evey | ID one needed to verify. Quite obviously I was mistaken in my | assumption. Well, then why not talk about id signing instead of key signing which exists but designates a completely different thing that also exists in GPG? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Advocate/Sponsor
On Thu, Jun 28, 2001 at 10:48:53AM -0500, Steve Langasek wrote: Danie, On Thu, 28 Jun 2001, Danie Roux wrote: I would love to have an advocate. Being in Pretoria, South Africa that's not going to be easy though. A developer does not have to be physically proximate to you to be your advocate; in fact, it doesn't have to be your advocate who signs your key, either. The advocate merely ... advocates for you to the NM committee, he is someone who will speak on your behalf in recommending you for maintainership. So in many cases, it may be better to seek a debian developer who knows your work and can evaluate your packages -- often your sponsor is best suited to be your advocate. After I have a sponsor, and I've shown that I can be a developer/maintainer, I'll apply. 'Till then I need to get my package into Debian :-) -- Danie Roux *shuffle* Adore Unix
Re: GPG Key Signing (Was: Advocate/Sponsor)
Samuel == Samuel Tardieu [EMAIL PROTECTED] writes: Samuel It has an enormous flaw: you do not sign a key, you sign an Samuel id. That means that checking for one e-mail address for being Samuel valid and signing all the ids is just bogus. You may use this Samuel protocol, but you have to repeat each for every email Samuel address you are going to sign. Actually, the real flaw seems to be that my email assumed that the protocol was going to be used by people who had a modicum of inductive reasoning. The outline mentions just one ID in the key being verified and signed, and I assumed that anyone this concerned about security would realize that the same needed to be done for evey ID one needed to verify. Quite obviously I was mistaken in my assumption. John, could you please add the iteration over email ID's to the protocol? == To Have Your Key Signed 4 ... You may receive separate emails for each email ID in your key To Sign Another Key put 6, 7, and 8 in a loop: For each address on the key; do: 6 ... 7 ... 8 ... done Double Key-Signing Same as above, except 6,7,8, and 9 should be in the loop. 10. You may wish to independenty send email to each email ID on the other persons key before signing that identity. == manoj -- The sight of death frightens them [Earthers]. Kras the Klingon, Friday's Child, stardate 3497.2 Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/%7Esrivasta/ 1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: GPG Key Signing (Was: Advocate/Sponsor)
On 29/06, Manoj Srivastava wrote: | Actually, the real flaw seems to be that my email assumed that | the protocol was going to be used by people who had a modicum of | inductive reasoning. The outline mentions just one ID in the key | being verified and signed, and I assumed that anyone this concerned | about security would realize that the same needed to be done for evey | ID one needed to verify. Quite obviously I was mistaken in my | assumption. Well, then why not talk about id signing instead of key signing which exists but designates a completely different thing that also exists in GPG?
Re: Advocate/Sponsor
I would love to have an advocate. Being in Pretoria, South Africa that's not going to be easy though. For now I want a sponsor to get garchiver in to Debian. On Thu, Jun 28, 2001 at 01:38:36PM +0200, Robert Millan wrote: Do you mean an advocate? When you submit your appliance to join debian, an advocate geographically near will contact you for meeting. You need to meet him/her to prove your identity so debian allows you to join the community. see http://nm.debian.org/ for more info. -- Robert MillanDebian GNU user zeratul2 wanadoo eshttp://getyouriso.org/ -- Danie Roux *shuffle* Adore Unix -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Advocate/Sponsor
Robert Millan [EMAIL PROTECTED] writes: Do you mean an advocate? When you submit your appliance to join debian, an advocate geographically near will contact you for meeting. You need to meet him/her to prove your identity so debian allows you to join the community. see http://nm.debian.org/ for more info. I have a question about that. I filled in the webform on http://nm.debian.org/newnm.php last week, checked every botton except the gpg key and if I have an advocate. The webform warned about that I haven't got my key signed etc. Shouldn't I see my name on http://nm.debian.org/nmlist.php under No Advocate? I have sent mail to two dd in sweden, and trying to get my key signed. Is it required to have an advocate and signed gpg key before you fill in the webform or not? Cheers Mikael PS Sorry for my English, it's not my Native language DS -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Advocate/Sponsor
* Mikael Andersson [EMAIL PROTECTED] [010628 14:29]: I have a question about that. I filled in the webform on http://nm.debian.org/newnm.php last week, checked every botton except the gpg key and if I have an advocate. The webform warned about that I haven't got my key signed etc. Shouldn't I see my name on http://nm.debian.org/nmlist.php under No Advocate? No. Is it required to have an advocate and signed gpg key before you fill in the webform or not? You need a signed gpg key, but not an advocate when you apply -- the message currently printed is not clear, though. I have fixed that now. (It should have said that you needed a GPG signd key.) I have sent mail to two dd in sweden, and trying to get my key signed. If they don't respond, contact me in private mail and I will try to help you. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Advocate/Sponsor
Danie, On Thu, 28 Jun 2001, Danie Roux wrote: I would love to have an advocate. Being in Pretoria, South Africa that's not going to be easy though. A developer does not have to be physically proximate to you to be your advocate; in fact, it doesn't have to be your advocate who signs your key, either. The advocate merely ... advocates for you to the NM committee, he is someone who will speak on your behalf in recommending you for maintainership. So in many cases, it may be better to seek a debian developer who knows your work and can evaluate your packages -- often your sponsor is best suited to be your advocate. You still need to have your key signed before you can become a d-d, and this usually requires a physical meeting. IIRC, there are some d-d's living in South Africa, though I don't remember what city; and if a physical meeting doesn't seem possible, there are other ways that have been used in the past to handle the identification requirement. In the meantime, sponsored uploads are a great way to get started with Debian. Regards, Steve Langasek postmodern programmer For now I want a sponsor to get garchiver in to Debian. On Thu, Jun 28, 2001 at 01:38:36PM +0200, Robert Millan wrote: Do you mean an advocate? When you submit your appliance to join debian, an advocate geographically near will contact you for meeting. You need to meet him/her to prove your identity so debian allows you to join the community. see http://nm.debian.org/ for more info. -- Robert MillanDebian GNU user zeratul2 wanadoo eshttp://getyouriso.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Advocate/Sponsor
On Thu, Jun 28, 2001 at 09:31:54AM -0500, Martin Michlmayr wrote: You need a signed gpg key, but not an advocate when you apply -- the message currently printed is not clear, though. I have fixed that now. (It should have said that you needed a GPG signd key.) Does the GPG key need to be signed or does it just need to exist? I had been under the impression that other forms of identification were still possible, though severely discouraged. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Advocate/Sponsor
On Thu, 28 Jun 2001, Duncan Findlay wrote: I think that now an advocate is needed to simply say that they agree with your application, and be a mentor of sorts. After an advocate is found, an application manager is assigned. I don't think that there is any requirement for an actual physical meeting. Photo ID appears to be acceptible. Certainly not. Photo IDs can not only be faked, they can also be stolen. Without physically meeting you and seeing you, how do we know that you're really the person in the picture? There are other methods of ascertaining identity without the benefit of a physical meeting, but they usually don't involve photo IDs -- and even if they're used for satisfying the identification requirement of the NM process, they probably shouldn't be used as justification for signing a GPG key. It's my personal opinion that, if we are going to empower all Debian developers to sign other people into the Debian keyring (and consequently into the global Web of Trust), we should also require them to demonstrate a clear understanding of PKI as part of the NM process. I think there are a lot of NMs who, if they don't already know a lot about PKI before they become DD's, never learn more than the mechanics of signing a key -- and that's ok, until we start encouraging them to go out and sign other people's keys. :) Steve Langasek postmodern programmer -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: GPG Key Signing (Was: Advocate/Sponsor)
On 28/06, John H. Robinson, IV wrote: | http://people.debian.org/~jaqque/keysign.html | | it does have some weaknesses, but it is a lot stronger than the ``oh, | i've met you, i have checked your ID, and off we go'' | | comments welcome. It has an enormous flaw: you do not sign a key, you sign an id. That means that checking for one e-mail address for being valid and signing all the ids is just bogus. You may use this protocol, but you have to repeat each for every email address you are going to sign. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Advocate/Sponsor
On 28/06, Martin Michlmayr wrote: | * Mark Brown [EMAIL PROTECTED] [20010628 16:53]: | Does the GPG key need to be signed or does it just need to exist? I | had been under the impression that other forms of identification | were still possible, though severely discouraged. | | Yeah, those forms still exist. The web site even says | | Do you yet have a GPG key signed by a current developer or some | other photo ID scanned in and signed with your GPG key? | | But I usually talk of 'signed keys' because that's the preferred | method and because it is usually possible to get a signature these | days. I also think that Debian should accept scanned IDs signed with a trusted X509 key (as the one issued for free by Thawte (http://www.thawte.com/)). This would allow people who went through the heavy Thawte id checking to have their identity trusted by the Debian project. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Advocate/Sponsor
On Thu, 28 Jun 2001, Samuel Tardieu wrote: On 28/06, Martin Michlmayr wrote: | * Mark Brown [EMAIL PROTECTED] [20010628 16:53]: | Does the GPG key need to be signed or does it just need to exist? I | had been under the impression that other forms of identification | were still possible, though severely discouraged. | Yeah, those forms still exist. The web site even says | Do you yet have a GPG key signed by a current developer or some | other photo ID scanned in and signed with your GPG key? | But I usually talk of 'signed keys' because that's the preferred | method and because it is usually possible to get a signature these | days. I also think that Debian should accept scanned IDs signed with a trusted X509 key (as the one issued for free by Thawte (http://www.thawte.com/)). This would allow people who went through the heavy Thawte id checking to have their identity trusted by the Debian project. No. Signing the scanned ID adds *nothing* over accepting the x509 key by itself. If faking a physical photo ID is easy, faking a scanned photo ID is ridiculously simple. If we want to accept Thawte's id checking as sufficiently rigorous for our purposes, if we want to trust Thawte[1], then there's no point in asking for a scan signed with the ID. But I don't think we should accept Thawte IDs as sufficient; the needs and goals of a PKI that uses CAs (such as Thawte) are not entirely compatible with those of a peer-to-peer system (such as PGP). Steve Langasek postmodern programmer [1] And is Thawte really so impervious to corruption that there's not even a *remote* possibility of falsification? Remember that they're now owned by Network Solutions. Anything is possible... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Advocate/Sponsor
Do you mean an advocate? When you submit your appliance to join debian, an advocate geographically near will contact you for meeting. You need to meet him/her to prove your identity so debian allows you to join the community. see http://nm.debian.org/ for more info. -- Robert MillanDebian GNU user zeratul2 wanadoo eshttp://getyouriso.org/
Re: Advocate/Sponsor
I would love to have an advocate. Being in Pretoria, South Africa that's not going to be easy though. For now I want a sponsor to get garchiver in to Debian. On Thu, Jun 28, 2001 at 01:38:36PM +0200, Robert Millan wrote: Do you mean an advocate? When you submit your appliance to join debian, an advocate geographically near will contact you for meeting. You need to meet him/her to prove your identity so debian allows you to join the community. see http://nm.debian.org/ for more info. -- Robert MillanDebian GNU user zeratul2 wanadoo eshttp://getyouriso.org/ -- Danie Roux *shuffle* Adore Unix
Re: Advocate/Sponsor
On Thu, Jun 28, 2001 at 09:31:54AM -0500, Martin Michlmayr wrote: You need a signed gpg key, but not an advocate when you apply -- the message currently printed is not clear, though. I have fixed that now. (It should have said that you needed a GPG signd key.) Does the GPG key need to be signed or does it just need to exist? I had been under the impression that other forms of identification were still possible, though severely discouraged.
Re: Advocate/Sponsor
I think that now an advocate is needed to simply say that they agree with your application, and be a mentor of sorts. After an advocate is found, an application manager is assigned. I don't think that there is any requirement for an actual physical meeting. Photo ID appears to be acceptible. Do you mean an advocate? When you submit your appliance to join debian, an advocate geographically near will contact you for meeting. You need to meet him/her to prove your identity so debian allows you to join the community. see http://nm.debian.org/ for more info. -- Robert MillanDebian GNU user zeratul2 wanadoo eshttp://getyouriso.org/
Re: Advocate/Sponsor
On Thu, 28 Jun 2001, Duncan Findlay wrote: I think that now an advocate is needed to simply say that they agree with your application, and be a mentor of sorts. After an advocate is found, an application manager is assigned. I don't think that there is any requirement for an actual physical meeting. Photo ID appears to be acceptible. Certainly not. Photo IDs can not only be faked, they can also be stolen. Without physically meeting you and seeing you, how do we know that you're really the person in the picture? There are other methods of ascertaining identity without the benefit of a physical meeting, but they usually don't involve photo IDs -- and even if they're used for satisfying the identification requirement of the NM process, they probably shouldn't be used as justification for signing a GPG key. It's my personal opinion that, if we are going to empower all Debian developers to sign other people into the Debian keyring (and consequently into the global Web of Trust), we should also require them to demonstrate a clear understanding of PKI as part of the NM process. I think there are a lot of NMs who, if they don't already know a lot about PKI before they become DD's, never learn more than the mechanics of signing a key -- and that's ok, until we start encouraging them to go out and sign other people's keys. :) Steve Langasek postmodern programmer
Re: Advocate/Sponsor
* Mark Brown [EMAIL PROTECTED] [20010628 16:53]: Does the GPG key need to be signed or does it just need to exist? I had been under the impression that other forms of identification were still possible, though severely discouraged. Yeah, those forms still exist. The web site even says Do you yet have a GPG key signed by a current developer or some other photo ID scanned in and signed with your GPG key? But I usually talk of 'signed keys' because that's the preferred method and because it is usually possible to get a signature these days.
GPG Key Signing (Was: Advocate/Sponsor)
On Thu, Jun 28, 2001 at 12:13:37PM -0500, Steve Langasek wrote: we should also require them to demonstrate a clear understanding of PKI as part of the NM process. manoj came up with a pretty good protocol to sign a key. i have it available in HTML at http://people.debian.org/~jaqque/keysign.html it does have some weaknesses, but it is a lot stronger than the ``oh, i've met you, i have checked your ID, and off we go'' comments welcome. -john
Re: GPG Key Signing (Was: Advocate/Sponsor)
On 28/06, John H. Robinson, IV wrote: | http://people.debian.org/~jaqque/keysign.html | | it does have some weaknesses, but it is a lot stronger than the ``oh, | i've met you, i have checked your ID, and off we go'' | | comments welcome. It has an enormous flaw: you do not sign a key, you sign an id. That means that checking for one e-mail address for being valid and signing all the ids is just bogus. You may use this protocol, but you have to repeat each for every email address you are going to sign.
Re: Advocate/Sponsor
On 28/06, Martin Michlmayr wrote: | * Mark Brown [EMAIL PROTECTED] [20010628 16:53]: | Does the GPG key need to be signed or does it just need to exist? I | had been under the impression that other forms of identification | were still possible, though severely discouraged. | | Yeah, those forms still exist. The web site even says | | Do you yet have a GPG key signed by a current developer or some | other photo ID scanned in and signed with your GPG key? | | But I usually talk of 'signed keys' because that's the preferred | method and because it is usually possible to get a signature these | days. I also think that Debian should accept scanned IDs signed with a trusted X509 key (as the one issued for free by Thawte (http://www.thawte.com/)). This would allow people who went through the heavy Thawte id checking to have their identity trusted by the Debian project.
Re: Advocate/Sponsor
On Thu, 28 Jun 2001, Samuel Tardieu wrote: On 28/06, Martin Michlmayr wrote: | * Mark Brown [EMAIL PROTECTED] [20010628 16:53]: | Does the GPG key need to be signed or does it just need to exist? I | had been under the impression that other forms of identification | were still possible, though severely discouraged. | Yeah, those forms still exist. The web site even says | Do you yet have a GPG key signed by a current developer or some | other photo ID scanned in and signed with your GPG key? | But I usually talk of 'signed keys' because that's the preferred | method and because it is usually possible to get a signature these | days. I also think that Debian should accept scanned IDs signed with a trusted X509 key (as the one issued for free by Thawte (http://www.thawte.com/)). This would allow people who went through the heavy Thawte id checking to have their identity trusted by the Debian project. No. Signing the scanned ID adds *nothing* over accepting the x509 key by itself. If faking a physical photo ID is easy, faking a scanned photo ID is ridiculously simple. If we want to accept Thawte's id checking as sufficiently rigorous for our purposes, if we want to trust Thawte[1], then there's no point in asking for a scan signed with the ID. But I don't think we should accept Thawte IDs as sufficient; the needs and goals of a PKI that uses CAs (such as Thawte) are not entirely compatible with those of a peer-to-peer system (such as PGP). Steve Langasek postmodern programmer [1] And is Thawte really so impervious to corruption that there's not even a *remote* possibility of falsification? Remember that they're now owned by Network Solutions. Anything is possible...
Advocate/Sponsor
I was wondering if anyone would be willing to sponsor my application to be a new maintainer. Currently, I've packaged alienwave, a simple curses-based console game of the space invaders genre. I've also packaged the latest version of faqomatic, which was orphaned by Scott K. Ellis. Both alienwave and faqomatic are available at http://freecashonthewebnow.virtualave.net/debian (un: debian, pw: debian) Thanks. Duncan Findlay [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Advocate/Sponsor
I was wondering if anyone would be willing to sponsor my application to be a new maintainer. Currently, I've packaged alienwave, a simple curses-based console game of the space invaders genre. I've also packaged the latest version of faqomatic, which was orphaned by Scott K. Ellis. Both alienwave and faqomatic are available at http://freecashonthewebnow.virtualave.net/debian (un: debian, pw: debian) Thanks. Duncan Findlay [EMAIL PROTECTED]
Looking for Advocate, Sponsor
Debian Mentors: I am looking for a sponsor/advocate for becoming a debian developer. I am packaging misterhouse, a home automation package written in perl. I have signed up at http://www.internatif.org/bortzmeyer/debian/sponsor/. The misterhouse debian package can be found at http://www.runningland.com/debian/. Lintian gives some perl warnings that I believe can be safely ignored after reading the Debian Perl Policy. Any help or feedback would be appreciated. Thanks! Dave Mabe
Looking for Advocate, Sponsor
Debian Mentors: I am looking for a sponsor/advocate for becoming a debian developer. I am packaging misterhouse, a home automation package written in perl. I have signed up at http://www.internatif.org/bortzmeyer/debian/sponsor/. The misterhouse debian package can be found at http://www.runningland.com/debian/. Lintian gives some perl warnings that I believe can be safely ignored after reading the Debian Perl Policy. Any help or feedback would be appreciated. Thanks! Dave Mabe -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]