On Wed, Oct 10, 2012 at 8:11 AM, Florian Holeczek <[email protected]> wrote: > However, what would now be totally wrong IMO is, that some guys in the ASF > redefine these rules in order to make the process of release signing more > simple. In the WoT big picture, this would automatically mean that every key > that is signed based on these weak rules would have to be marked as > marginally trusted (if at all) by people who want to really follow the > PGP/GPG WoT concept.
In my opinion, we have sufficient expertise here at the ASF to devise an authentication protocol whose reliability exceeds that of individuals participating unsupervised in a web of trust, particularly if the protocol were to incorporate archived video and auditing by a PMC. That said, persuading others that no corners are being cut may be a more daunting challenge. :P Marvin Humphrey --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
