On Thu, Apr 28, 2016 at 09:09:44AM -0700, Stefan Beller wrote: > > I think the key thing with a blacklist is somebody has to go to the work > > to audit the existing keys. > > Would it be sufficient to wait until someone screams at the mailing list > for some key to be blacklisted? (I mean in the short term that would be > of less quality, but relying on the larger community would result in a better > end result? So your going through is just a jump start this process of > listening to the community?) Yeah, I think ultimately we will rely on the community. But I would feel a lot more comfortable if somebody made at least a single pass. I'll be curious what Junio says, too. I generally defer to him on how conservative we want to be in cases like this. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html