Adrian Bunk dijo [Fri, Aug 07, 2020 at 04:46:18PM +0300]:
> Why are you requiring key signing at all when it has no defined semantics?
> Many DDs check only the government issued photo ID for signing a key and 
> this is also how keysigning parties work, but if this is considered 
> optional there is do defined meaning to a signature.
> If you as DAM do not have a problem if DDs have own policies that do not 
> require checking a government issued photo ID, then I do not see why the 
> key signing requirement exists at all.

FWIW, and as I said in my other mail - Each of the three keyring-maint
members have different policies.

The word "trust" also has many different meanings and values, but we
treat it as a binary thing here - Do two people trust the person
controlling 0x0000DEADBEEF0000 to be Gunnar Wolf or not? If so, we
accept. If not, we don't. And yes, we have made some exceptions and
jumped through some hoops to adapt to reality, but that's the trust
level we can impose without our requirements breaking down into chaos.

We had quite a hard time in 2015 when we did the <2048b purge. But we
managed not to loosen our requirements.

Reply via email to