On Mon, Jul 02, 2012 at 10:49:14PM +0200, Jochen Spieker wrote:
> What I find more interesting is that the key 0x6294BE9B ("Debian CD
> signing key") only has nine signatures and only one from someone using
> his "official" @debian org address (0x3442684E, Steve McIntyre). That
> could surely be improved. I am a little bit disappointed to learn that
> even my fairly well-connected key doesn't help in finding a trust path
> to the CD signing key.% gpg --list-sigs 6294BE9B pub 4096R/6294BE9B 2011-01-05 uid Debian CD signing key <[email protected]> sig 1B3045CE 2011-01-07 Colin Tuckley <[email protected]> sig 3442684E 2011-01-05 Steve McIntyre <[email protected]> sig A40F862E 2011-01-05 Neil McGovern <[email protected]> sig C542CD59 2011-01-05 Adam D. Barratt <[email protected]> sig 63C7CC90 2011-01-05 Simon McVittie <[email protected]> sig 3 6294BE9B 2011-01-05 Debian CD signing key <[email protected]> sub 4096R/11CD9819 2011-01-05 sig 6294BE9B 2011-01-05 Debian CD signing key <[email protected]> All of the above named individuals are Debian developers. Note that the UID shown is just one of several on their key: % gpg --list-keys 1B3045CE 3442684E A40F862E C542CD59 63C7CC90 pub 1024D/1B3045CE 1999-07-09 uid Colin Tuckley <[email protected]> uid [jpeg image of size 2652] uid Colin Tuckley <[email protected]> sub 2048g/5C5B9D12 1999-07-09 pub 4096R/3442684E 2009-05-09 uid Steve McIntyre <[email protected]> uid Steve McIntyre <[email protected]> uid Steve McIntyre <[email protected]> sub 4096R/E2C26E29 2009-05-09 pub 4096R/A40F862E 2009-05-11 uid Neil McGovern <[email protected]> uid Neil McGovern <[email protected]> uid Neil McGovern <[email protected]> sub 4096R/B999855D 2009-05-11 pub 4096R/C542CD59 2009-07-11 uid Adam D. Barratt <[email protected]> uid Adam D. Barratt <[email protected]> uid Adam D. Barratt <[email protected]> sub 4096R/EC0E8DA0 2009-07-11 pub 4096R/63C7CC90 2009-05-08 uid Simon McVittie <[email protected]> uid Simon McVittie <[email protected]> uid Simon James McVittie (born 1983-08-25) uid Simon McVittie <[email protected]> sub 4096R/20FB245D 2009-05-08 [expires: 2019-05-06] Of these, I have signed Steve's key from when we met in Cambridge earlier in the year, and I also signed Colin's new key (38C9D903) but this isn't yet being used. So I am just two hops to the key in the web of trust. I'm probably just another hop or two by all the other keys, since I signed Adam and Simon's older keys, and I also have lots of paths to the keys via other people's keys. Even if I had never met any of these people personally, I'd still only be three or four hops away. Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' schroot and sbuild http://alioth.debian.org/projects/buildd-tools `- GPG Public Key F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
