On Thu, Nov 20, 2003 at 12:54:07AM +0100, Goswin von Brederlow wrote:

> Matt Zimmerman <[EMAIL PROTECTED]> writes:
> > The whole point of signing packages is that it is not anonymous at all, but
> > traceable back to the signer.  Assuming the keyholder protects his key
> > adequately, there is reasonable assurance that the keyholder and the signer
> > are the same person.
> 
> Exactly my point.
> 
> As a non-DD running a buildd I have much more and anonymous access to
> packages being built. I and some others are apparently trustworthy
> enough by their DD friends but not by the DAM.

The burden lies with whoever is doing the signing.  They are accepting
responsibility for what they upload, and if that involves trusting you, then
they are taking responsibility for you as well.

-- 
 - mdz

