On Jun 22 2016, Lars Wirzenius <[email protected]> wrote:
> On Wed, Jun 22, 2016 at 07:58:43AM -0700, Nikolaus Rath wrote:
>> On Jun 21 2016, Gunnar Wolf <[email protected]> wrote:
>> > Now, I have said this too many times, but once more: As keyring-maint,
>> > we are not collecting samples of people showing valid-looking ID
>> > documents to others. This is one of the issues why we don't have
>> > long-queue key signing parties: Just checking the ID of a complete
>> > stranger is not real identity validation.
>> >
>> > My personal guideline is that I will sign your key if and only if I
>> > see your face and can think of your name, and the opposite way
>> > around.
>>
>> Hmm. Can you explain that in a little more detail?
>>
>> As I understand, we'll have to meet a few times for beer until we
>> remember each other's name, and then we sign keys - without ever having
>> verified if we've actually given our legal name.
>
> To some of us, it doesn't matter what your legal name is or if you
> have papers to show that your government and you agree on what your
> name is. What matters is that you're you, and that you're the person I
> know from a reasonable shared history.
>
> I tend to prefer to sign keys for people I already know. "This is
> Richard. I know him for a long time. We've talked about things and
> done things together. We have a history. I know it's him. Richard is
> the name he always uses with people. I introduce him to other people
> as Richard. If he were to show me a passport that says he's actually
> Albert, I'd be very surprised. I might be alarmed, unless there's a
> reasonable explanation."
[...]

That's all good and well, but what I'm wondering is what this signing
policy is intended to protect against - and by extension, if it's
actually worth it. If everyone were to follow this procedure then the
bar to becoming a Debian developer would be raised
significantly. Establishing a history of in-person meetings requires a)
the other person to be reasonably close, b) the other person to be at
least somewhat on the same wavelength, c) the other person to be a
Debian developer.

Best,
-Nikolaus
--
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F
»Time flies like an arrow, fruit flies like a Banana.«

