Jonas Smedegaard dijo [Thu, Jun 23, 2016 at 10:30:21PM +0200]:
> I sign keys by a similar policy as Gunnar, it seems. But I do sign also
> people I have not met before...
>
> The logic I use is that I should be able to re-identify later. If I
> meet the person later I might have forgotten thei
Jakub Wilk dijo [Thu, Jun 23, 2016 at 07:30:42PM +0200]:
> * Nikolaus Rath , 2016-06-23, 09:23:
> >I am wondering if the extra burden is worth the gain in security. If
> >everyone were to follow this procedure then the bar to becoming a Debian
> >developer would be raised significantly.
>
> As as
On Jun 23 2016, ja...@teacaster.net wrote:
> Hello Everyone,
>
> Sorry to interject in this matter however it is beginning to become
> repetitive.
You may be contributing to this, because you clearly haven't actually
read the thread.
> If a Debian Developer is to sign your key, they will need to
On Jun 23 2016, Lars Wirzenius wrote:
> On Thu, Jun 23, 2016 at 12:52:35PM -0700, Nikolaus Rath wrote:
>> On Jun 23 2016, Lars Wirzenius wrote:
>> > On Thu, Jun 23, 2016 at 09:23:07AM -0700, Nikolaus Rath wrote:
>> >> As I said in my other email, I am wondering if the extra burden is worth
>> >>
Quoting ja...@teacaster.net (2016-06-23 23:17:11)
> PGP Key Signing for New Members is purely an identification process,
> to prove that you are who you say you are. This provides the Debian
> Foundation with the assurance that you can be trusted monitoring their
> infrastructure, uploading pack
Hello Everyone,
Sorry to interject in this matter however it is beginning to become
repetitive. PGP Key Signing for New Members is purely an identification
process, to prove that you are who you say you are. This provides the
Debian Foundation with the assurance that you can be trusted monitor
Quoting Michael Lustfield (2016-06-23 21:27:15)
> Somewhere, I saw it mentioned that you should be able to verify based
> on history only and their legal name doesn't matter. I don't entirely
> disagree. The chances of the NSA building a super computer to
> contribute to Debian, become a DD, and
On Thu, Jun 23, 2016 at 12:52:35PM -0700, Nikolaus Rath wrote:
> On Jun 23 2016, Lars Wirzenius wrote:
> > On Thu, Jun 23, 2016 at 09:23:07AM -0700, Nikolaus Rath wrote:
> >> As I said in my other email, I am wondering if the extra burden is worth
> >> the gain in security.
> >
> > Is there an ext
Quoting Peter Colberg (2016-06-23 20:39:52)
> On Thu, Jun 23, 2016 at 07:30:42PM +0200, Jakub Wilk wrote:
>> As as data point, if everybody[0]'s key signing policy had been that
>> establishing "social bonds" was a prerequisite, I would have almost
>> certainly never become a DD.
>
> I would like
On Jun 23 2016, Lars Wirzenius wrote:
> On Thu, Jun 23, 2016 at 09:23:07AM -0700, Nikolaus Rath wrote:
>> As I said in my other email, I am wondering if the extra burden is worth
>> the gain in security.
>
> Is there an extra burden? Seems to me that it'd happen naturally if
> you contribute to De
On Thu, Jun 23, 2016 at 9:28 AM, Lars Wirzenius wrote:
> On Thu, Jun 23, 2016 at 09:23:07AM -0700, Nikolaus Rath wrote:
> > As I said in my other email, I am wondering if the extra burden is worth
> > the gain in security.
>
> Is there an extra burden? Seems to me that it'd happen naturally if
>
On Thu, Jun 23, 2016 at 02:39:52PM -0400, Peter Colberg wrote:
> The union of the DDs I have worked with and the DDs that were kind
> enough to meet with me for key signing on their travel through my
> city is an empty set.
How embarrassing: I meant the intersection, of course.
Peter
signature.
On Thu, Jun 23, 2016 at 07:30:42PM +0200, Jakub Wilk wrote:
> As as data point, if everybody[0]'s key signing policy had been that
> establishing "social bonds" was a prerequisite, I would have almost
> certainly never become a DD.
I would like to add another data point as a recent DM. The union o
* Nikolaus Rath , 2016-06-23, 09:23:
I am wondering if the extra burden is worth the gain in security. If
everyone were to follow this procedure then the bar to becoming a
Debian developer would be raised significantly.
As as data point, if everybody[0]'s key signing policy had been that
esta
On Thu, Jun 23, 2016 at 09:23:07AM -0700, Nikolaus Rath wrote:
> As I said in my other email, I am wondering if the extra burden is worth
> the gain in security.
Is there an extra burden? Seems to me that it'd happen naturally if
you contribute to Debian and as part of that interact with other
Deb
On Jun 23 2016, Ben Finney wrote:
> Nikolaus Rath writes:
>
>> But how is your policy preventing this?
>
> If you're looking for claims of “This policy will absolutely guarantee
> the malicious behaviour is impossible”, of course that's not a
> believable claim and I don't expect anyone to seriou
Nikolaus Rath writes:
> But how is your policy preventing this?
If you're looking for claims of “This policy will absolutely guarantee
the malicious behaviour is impossible”, of course that's not a
believable claim and I don't expect anyone to seriously propose that. So
I don't know what you're
On Jun 22 2016, Gunnar Wolf wrote:
> Nikolaus Rath dijo [Wed, Jun 22, 2016 at 07:58:43AM -0700]:
>> > Now, I have said this too many times, but once more: As keyring-maint,
>> > we are not collecting samples of people showing valid-looking ID
>> > documents to others. This is one of the issues why
On Jun 22 2016, Lars Wirzenius wrote:
> On Wed, Jun 22, 2016 at 07:58:43AM -0700, Nikolaus Rath wrote:
>> On Jun 21 2016, Gunnar Wolf wrote:
>> > Now, I have said this too many times, but once more: As keyring-maint,
>> > we are not collecting samples of people showing valid-looking ID
>> > docum
Lars Wirzenius dijo [Wed, Jun 22, 2016 at 07:32:28PM +0300]:
> PS. *Obviously* a policy to only sign keys for people you already know
> is a stratagem to get people to talk to me at parties.
Grah, my evil plan has been foiled. I fear, I will sit lonely with no
friends at DebConf :-(
Please, someb
Nikolaus Rath dijo [Wed, Jun 22, 2016 at 07:58:43AM -0700]:
> > Now, I have said this too many times, but once more: As keyring-maint,
> > we are not collecting samples of people showing valid-looking ID
> > documents to others. This is one of the issues why we don't have
> > long-queue key signing
Jason Thomas dijo [Wed, Jun 22, 2016 at 02:38:52PM +1000]:
> Hi Gunnar,
> I'm basically in Sydney Australia, however finding time to meet people
> is difficult these days, with work, a wife and two little kids.
> I live in Penrith NSW, and work in Granville NSW. I do travel up and
> down the east c
On Wed, Jun 22, 2016 at 07:58:43AM -0700, Nikolaus Rath wrote:
> On Jun 21 2016, Gunnar Wolf wrote:
> > Now, I have said this too many times, but once more: As keyring-maint,
> > we are not collecting samples of people showing valid-looking ID
> > documents to others. This is one of the issues why
On Jun 21 2016, Gunnar Wolf wrote:
> Now, I have said this too many times, but once more: As keyring-maint,
> we are not collecting samples of people showing valid-looking ID
> documents to others. This is one of the issues why we don't have
> long-queue key signing parties: Just checking the ID o
Hi Gunnar,
I'm basically in Sydney Australia, however finding time to meet people
is difficult these days, with work, a wife and two little kids.
I live in Penrith NSW, and work in Granville NSW. I do travel up and
down the east coast of Australia and around Sydney for work, buts its
sporadic.
If a
Jason Thomas dijo [Mon, Jun 20, 2016 at 12:31:57PM +1000]:
> Hi all,
>
> I need to get my key signed, is anyone willing to work with me via
> video conferencing.
>
> I have uploaded my key to keyring.debian.org and I have also signed
> this message.
>
> I have a scan of my government issued driv
Hi Jason,
Quoting Jason Thomas (2016-06-20 04:31:57)
> I need to get my key signed, is anyone willing to work with me via
> video conferencing.
Not without first having exhausted other more reliable options.
Where in the World are you? Perhaps someone happens to be at a diner or
laundromat ju
Hi all,
I need to get my key signed, is anyone willing to work with me via
video conferencing.
I have uploaded my key to keyring.debian.org and I have also signed
this message.
I have a scan of my government issued drivers licence available.
fingerprint below:
gpg: using classic trust model
p
28 matches
Mail list logo
