Quoting H. Nikolaus Schaller (2017-06-04 11:41:19) > Am 04.06.2017 um 10:17 schrieb Jonas Smedegaard <[email protected]>: >> Please read http://deb.jones.dk/ and tell me which parts of that is >> flawed or superfluous or wrong in other ways. > > That is a nice blueprint of exactly what I need and how it should be > done! > > If I get it right (just from reading and guessing what it does) it > assumes that your key is stored in debian-keyring.
Correct: My instruction is simpler than yours can be: Users of Debian already implicitly trust the _identities_ of all Debian members (but trust only _releases_ signed by special release keys). I can therefore suggest users to establish a trust path by finding my key among the keys they already trust. You could instead suggest users to establish a trust path by finding my key among the keys they already trust, and then finding your key among signatures made by me. > And this requires that you are trusted by the maintainers of > debian-keyring. debian-keyring *only* contains keys from within Debian. > Then you can declare that you are trusted and others can verify before > taking your word only. you can declare all you want - that won't change anything, as you have no power over the users system. Yet... ;-) The _user_ can declare that package releases done (not only by Debian officially, but also) independently by you should be trusted. > But how does your key get into debian-keyring? By joining Debian. There is no other way for that specifically, so you need to adapt instructions to other means of establishing your identity. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
_______________________________________________ Community mailing list [email protected] http://lists.goldelico.com/mailman/listinfo.cgi/community http://www.tinkerphones.org
