On Wed, Aug 20, 2003 at 11:23:47AM +0200, Martin Quinson wrote: > On Wed, Aug 20, 2003 at 06:46:34PM +1000, Martin Michlmayr wrote: > > * Goswin von Brederlow <[EMAIL PROTECTED]> [2003-08-20 10:31]: > > > > Martin Quinson <[EMAIL PROTECTED]> wrote: > > > > > I just wondered if it would be possible for non-developper > > > > > contributors to Debian to get their GPG key in the Debian keyserver. > > > > > > You can also apply as a NM for translation work. You don't need to > > > maintaine a package or know much about the packaging system for > > > that. You get different task&skill tests. > > > > V I P Martin Quinson <[EMAIL PROTECTED]>
> Exact. I *did* apply. I'm even pretty well advanced in the process. > $ LC_ALL=C gpg --keyserver keyring.debian.org --recv-keys E145F334 > gpg: no valid OpenPGP data found. > gpg: Total number processed: 0 > This is the ID of my key, available from www.keyserver.net and signed by 2 > DD. Did I mess something up ? > Shouldn't Debian make sure that work submition from non-DD contributor are > signed, just like it does for the work submition from DD ? The keyring on keyring.debian.org is used directly as a means of authorizing people to a number of Debian resources, including the package upload queue and d-d-a. Whether you agree with this design or not, it means that the Debian keyserver is not suitable for use as a general-purpose means of *authenticating* people. For authenticating PGP users to one another, you should use the usual Web of Trust to achieve this. -- Steve Langasek postmodern programmer
pgpiZwGdLyHUr.pgp
Description: PGP signature