Scripsit Martijn van Oosterhout <[EMAIL PROTECTED]> > "push aside"? There's no rule that says there can be only one. Yes, > replacing someone could become ugly, but providing additional hands > can't be considered bad, can it?
It can be considered bad from a technical viewpoint - as far as I understand the master copy of the keyring is currently on a medium that is under the keyring maintainer's direct physical control. The "obvious" way of switching to team maintenance of the keyring would entail keeping the master copy in a central machine - for example on a debian.org box somewhere in a colo. Doing that in a way that does not leave the keyring more vulnerable to surreptitious compromise than some reasonable persons might prefer, requires software support that does not currently exist. If somebody designs and implements (after a suitable architectural review) some software to support distributed keyring maintenance in a secure, auditable way, it is likely that calls for adding more people to the task would be considered more seriously. > Anyway, ISTM that removing keys from a keyring is much more important > than adding new ones, right? It is also more difficult to implement in a secure distributed way. Anybody can think up a scheme for using gpg signatures to prevent keys from being added without authorisation in the first place. Making sure that a removed key stays removed is a more complex question - particularly if emergency powers-to-remove just get kludged onto the existing system as an afterthought. -- Henning Makholm "Panic. Alarm. Incredulity. *Thing* has not enough legs. Topple walk. Fall over not. Why why why? What *is* it?" -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]