incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Re: key signing
Date Wed, 10 Oct 2012 14:19:08 GMT

On 10 Oct 2012, at 12:20, Benson Margulies wrote:

> Nick: On the one hand, how is trusting the Apache process better or
> worse than trusting the State of Massachusetts?

When I sign a key I'm basing it on more information than that.

Either it's a one-off, when I have additional knowledge of someone:
e.g. a personal or working relationship.  Or it's a keysigning party,
when I'm one of many.  In the latter case, if I'm signing keys at
ApacheCon and someone I've never met identifies himself as
Benson Margulies, I have not only the passport but a room full
of Apache folks - some of whom surely know Benson Margulies
well - to reassure me.

Nick Kew

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message