On Wed, Oct 10, 2012 at 6:52 AM, Nick Kew <n...@apache.org> wrote: > > On 10 Oct 2012, at 11:25, Benson Margulies wrote: > >> I then feel that it's perfectly reasonable to sign a key that has two >> things in it: the name Noah Slater and nsla...@apache.org, because if >> this process doesn't verify an adequate association, then no one can >> trust the Apache IP process, either, and which has the same signature >> as the one in SVN. > > The apache process is satisfied with his identity. The apache process > says so by publishing the key under his name at apache.org, thus > establishing a certain level of trust. > > That most certainly doesn't mean I should sign the key: for me to do > so based on hearsay (my own trust not in his key but in the apache > process) just muddies the waters.
Nick: On the one hand, how is trusting the Apache process better or worse than trusting the State of Massachusetts? Both offer an assertion of a relationship between someone and a legal identity. In the state of MA case, I'm matching a face to a piece of (forgeable) plastic. In the Apache case, I'm matching an email to the Apache process. In both cases, I could be the subject of a fraud: someone I 'know' via mailing list interactions shows up in person, shows me a driver's license, and satisfies me that he or she is the same person I 'know' online. Enter the mole. If the answer to this is that WoT is supposed to be based on some level of 'real personal trust' (the opposite, after a fashion, of a 'Facebook Friend'), then I shouldn't sign keys at signing parties, since there's just about no one at Apache whom I know well enough to meet the standard. And I feel reinforced in my original urge to write web pages around here that put the Apache process above the WoT. Ironically, I could argue that we'd be better-served with X.509 certs. An Apache CA could be programmed to issue a cert to each committer. Users would just verify the source CA, and we'd accomplish the goal of giving users assurance. > > The missing link is my ability to formalise my WoT level of trust > (whatever it might be) in the apache process by signing a key > labelled something like "ASF committer enrolment process" which > in turn automatically signs everyone's keys. Were it not for the risk > of rather serious misunderstanding, I should advocate such a key. > > -- > Nick Kew > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org