Excerpts from Thomas Goirand's message of 2014-11-10 16:26:30 -0800: > On 10/27/2014 10:45 PM, Jeremy Stanley wrote: > > If there is interest in doing another Sassaman-Projected Method > > exercise at future events > > I really wish we do *not* reproduce what happened in Atlanta. > > We had a few seconds to check IDs, and sorry, but I'm not familiar with > most US driver's licenses. It went so fast that I couldn't even catch up > with my printed list checkmarks. > > I also usually don't trust government IDs in general, and I very much > prefer to know people, and check that there's others in the project that > can vouch for their identity. > > Even better: I usually don't sign *at all* the keys from the people I > wont recognize if I see them again. Otherwise, I don't see the point at > all, if we just sign the keys of everyone in the room. We then better > have just an OpenStack keyring, just like there's a Debian developer > keyring, on which we delegate the trust to some kind of organization > (but this needs to be used for something...). > > If we do another key signing party in Vancouver, then I propose that: > > 1/ We take enough time (1 hour is the bare minimum) > 2/ We use that time so we can gather in small groups of people that we > don't know, and take the time to present ourselves to others, and tell > what we do, who we are, etc. > > It doesn't mater if we end-up signing a lot less keys. And for those > persons which we know already, it's easy to ask for a fingerprint copy, > and this can take just a few seconds (no need to even check for the > government IDs). >
Thomas, that is your prerogative, but most of us accept the Sassaman methods for mass key-signing. Going slower is probably a good idea, but the method itself isn't a problem for most of us. _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
