On Fri, May 26, 2006 at 11:57:09AM +0200, Michael Meskes wrote: > On Thu, May 25, 2006 at 04:30:07PM -0500, Manoj Srivastava wrote: > > On 25 May 2006, Andreas Tille spake thusly: > > > Is there any reason to revoke my signature I have put on > > > Martin's key after he showed me his passport? > > > > In my opinion, yes, if you consider subverting the KSP like > > that unacceptable behaviour. > > This may be a silly question but doesn't my signature only state that I > certify this key really belongs to the person it seems to belong to?
It certifies that you've seen the person, that he's shown you his GPG key which he had claimed to be his, and that you have a reasonable suspicion that he is who he claims to be. Given the huge number of different people who sign GPG keys, you cannot reasonably assume anything more than the above about signatures from anyone but yourself (i.e., it is not what you *should* check before signing a key; these are only the checks that you can reasonably assume to have been made). That aside, personally, I don't know what the big fuzz is about. I know who Martin Krafft is; I've seen him at a number of FOSDEM instances, and I've seen him last year in Helsinki, where I called him by his name (to which he reacted), and where literally hundreds of others did the same. Considering that, I don't need a government-issued ID to be sure that he is indeed who he claims to be. I suspect the same is true for many of the other Debian people there. I'd think it'd be very hard to be impersonating someone at a DebConf KSP. -- Fun will now commence -- Seven Of Nine, "Ashes to Ashes", stardate 53679.4 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
