Hi, Jakub Wilk: > Do you have any non-joke documentation about signing responsibly? > Signing a key is equivalent to saying that you think that the key belongs to a particular individual and/or identity.
Whether that means "I regularly hang out with them at DebConf" or "I met them in a keysigning queue last year, and their driver's license from $STATE looked reasonably legit" is up to you; there's a GPG option (via the the *-cert-level options, see 'man gpg') to state how carefully you did verify their identity, but ultimately it's up to you. -- -- Matthias Urlichs -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140902102815.ge21...@smurf.noris.de
