peter green dijo [Sun, Aug 31, 2014 at 01:27:11PM +0100]: > Jonathan McDowell wrote: > >I would ask that DDs make some effort to help > >those with weak keys get their new, stronger keys signed. Please sign > >responsibly[4], > If you have signed someones old key is it considered "responsible" > to sign their new key based on a transition statement signed by the > old key? or is a new face-to-face meeting required? I've seen plenty > of (sometimes conflicting) advice on signing keys of a person you > have never signed keys for before but not much on the transition > situation. (note: this is a general question to consider, I'm not > personally in a position where it would apply)
As you saw through others' answers to your question, it varies a lot. I personally also don't sign based on transition documents, but would do so in case the requester *really* needed it. Now, I know that if at some point my key were to be compromised, I'd also be in a "needy" situation (as I'm currently the only DD in a ~1000Km radius), and would have to find a way out. I have found several people who would sign based on transition documents, and it's also OK. It's completely a personal issue, although it does impact us all as a project. Yes, at some point we will need to make our rules a *little* bit more flexible, but I'd prefer that flexibility to be made on specific accounts' behalf (i.e. either by DAM or by keyring-maint, and based on specific checks such as a phone verification) than to suggest to everybody to relax. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140908023701.ga124...@gwolf.org