On Wed, 2005-01-19 at 11:35 -0500, Jon Portnoy wrote: > On Wed, Jan 19, 2005 at 09:31:25AM -0500, Chris Gianelloni wrote: > > > > > Any dev that you cannot physically verify via government or school > > issued identification and their physical presence, should not be signed. > > Otherwise you are simply weakening the web of trust. In fact, for LWE > > key signing, we require 2 forms of picture identification. > > > > Most people don't _have_ two forms of picture ID.
Then your key would be signed as "semi-trusted" most likely. This could be overridden if you had, for example, a credit card or two and a social security card. Essentially the idea is that more than one form of ID is used to verify identity. At LWE in NY last January, I believe there was only one person that only had one form of ID, so it seems to be more common than you think. -- Chris Gianelloni Release Engineering - Operational/QA Manager Games - Developer Gentoo Linux
signature.asc
Description: This is a digitally signed message part
