On Wed, Feb 18, 2004 at 10:22:22AM +0100, Adrian 'Dagurashibanipal' von Bidder wrote: > On Tuesday 17 February 2004 19.52, Thomas Viehmann wrote: > > Goswin von Brederlow wrote: > > > Having a new-maintainer keyring, to which keys could get added by any > > > AM after it has been verified, and checking the signature on the dsc > > > files against it sounds good to. And the keyring would be usefull for > > > other purposes too. > > > > Why not just check if the key is signed by a key in the debian keyring? > > This could be done completely automatically. > > There are many people who got a signature by a DD's key who are not applying > for DDship, probably never will, and who probably should not be able to > upload to your queue. Getting a signature is just a confirmation of identity, > after all.
Yeah, I'm not overly keen on the idea of automatically allowing anyone signed by a DD to upload, but since a DD should be checking the upload anyway, the problem isn't as nasty as it might seem. I'm leaning towards the idea of a "sponsee keyring", containing NMs and potential NMs. The only requirement would be a stated desire to be a maintainer and some sort of trust link into Debian (direct signature probably not required). Ideally, that'd eventually become a "your key must be in here to be a sponsored maintainer" requirement, but that is *so* *far* beyond what I've get any hope in hell of mandating, I'm not going within a million miles of that. - Matt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
