On Thursday 04 May 2006 21:59, Karsten Wade <kwade@xxxxxxxxxx> wrote: > > Missed opportunity at the last FUDCon for a keysigning. Why don't we > care about those anymore? Don't we need a strong web of trust for > Fedora keys to mean anything themselves? > > Is there any way we can do keysigning parties not in person? For > example ... > > Okay, I started to write out a process that included pictures of > ourselves signed and encrypted and verified ... and it was crazier than > ever. > > Anyone want to start a Fedora Keys SIG that works to get _everyone_ to > pause for a keysigning wherever two Fedorans meet in the meat? > Others may have a different view, but I don't see meeting in person as a requirement for trust among Fedora contributors. The real purpose of requiring face-to-face contact is to allow identities to be verified. Since we are identified to each other by our contributions, we have less of a need to attach a GPG key to a face and more need to attach a GPG key to a contributor identity. This can be accomplished through regular usage of keys. For example, since I always sign my messages, and you can be reasonably sure of my contributor identity, you can infer that it is safe to trust the key that I regularly sign with. It would be just as easy for someone to show up at a FUDCon with an ID card that has my name on it and claim to be me for the sake of getting their key signed, and that's why face-to-face keysigning parties aren't as useful for Fedora contributors. -- Patrick "The N-Man" Barnes nman64@xxxxxxxxx http://www.n-man.com/ LinkedIn: http://www.linkedin.com/in/nman64 Have I been helpful? Rate my assistance! http://rate.affero.net/nman64/ --
Attachment:
pgptdYvf2MGXB.pgp
Description: PGP signature
-- fedora-docs-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-docs-list
