On Mon, Jun 27, 2016 at 05:12:42PM +0200, Nicolas Braud-Santoni wrote:
> On Mon, Jun 27, 2016 at 02:05:18PM +0200, Wouter Verhelst wrote:
> >
> > It's too late for this now, but for future reference:
> > [...]
> > note the "XMPP only" bit on some of the UIDs; i.e., I don't (often) read mail
> > sent there.
> >
> > Comments *are* part of the UID, and should *not* be dropped.
>
> Hi,
>
> Since the comments are part of the UID, people will definitely see
> them in gpg: that they are not printed in the paper list is not
> very relevant.
I think it is.
> Moreover, comments on UIDs are somewhat problematic: as you pointed out,
> comments are part of UIDs. Where I to sign “Wouter Verhelst (Legacy
> e-mail) <wouter@grep.be>”, am I certifying that this is your “legacy”
> mail address? How would I even check?
You can't, but that's not the point.
> (In my particular case, I publish a signing policy stating I do not
> certify comments, but that's more of a kludge than anything.)
>
> You can also look at dkg's take on this [0]:
>
> https://debian-administration.org/users/dkg/weblog/97
He makes some valid points, but that doesn't necessarily mean we should
drop comments in lists of keys for signing parties. They exist, they are
part of the UID, and they have some valid uses (even if they're mostly
misused today). The fact that they often contain junk does not change
that.
--
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
people in the world who think they really understand all of its rules,
and pretty much all of them are just lying to themselves too.
-- #debian-devel, OFTC, 2016-02-12
Attachment:
signature.asc
Description: PGP signature