incubator-general mailing list archives

From Florian Holeczek <>
Subject Re: key signing
Date Wed, 10 Oct 2012 18:42:40 GMT
Hi Marvin,

> On Wed, Oct 10, 2012 at 8:11 AM, Florian Holeczek <> wrote:
>> However, what would now be totally wrong IMO is, that some guys in the ASF
>> redefine these rules in order to make the process of release signing more
>> simple. In the WoT big picture, this would automatically mean that every key
>> that is signed based on these weak rules would have to be marked as
>> marginally trusted (if at all) by people who want to really follow the
>> PGP/GPG WoT concept.
> In my opinion, we have sufficient expertise here at the ASF to devise an
> authentication protocol whose reliability exceeds that of individuals
> participating unsupervised in a web of trust, particularly if the protocol
> were to incorporate archived video and auditing by a PMC.

That may well be. Having read most of the mails on this thread, I was kind of shocked by how
carelessly some would sign a key though, too, and that's what I meant by weak rules.
Defining a good key signing protocol containing multiple factors, like you've mentioned in
a different mail on this thread, would certainly help here, that's true.

