On 28/06, Martin Michlmayr wrote:
| * Mark Brown <[EMAIL PROTECTED]> [20010628 16:53]:
| > Does the GPG key need to be signed or does it just need to exist? I
| > had been under the impression that other forms of identification
| > were still possible, though severely discouraged.
|
| Yeah, those forms still exist. The web site even says
|
| Do you yet have a GPG key signed by a current developer or some
| other photo ID scanned in and signed with your GPG key?
|
| But I usually talk of 'signed keys' because that's the preferred
| method and because it is usually possible to get a signature these
| days.
I also think that Debian should accept scanned IDs signed with a trusted
X509 key (as the one issued for free by Thawte (http://www.thawte.com/)). This
would allow people who went through the heavy Thawte id checking to have
their identity trusted by the Debian project.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]