Re: Signing Packages.gz

To: debian-devel@lists.debian.org
Subject: Re: Signing Packages.gz
From: Robert Bihlmeyer <robbe@orcus.priv.at>
Date: 10 Apr 2000 09:57:25 +0200
Message-id: <87g0suie1m.fsf@hoss.orcus.priv.at>
In-reply-to: Torsten Landschoff's message of "Tue, 4 Apr 2000 23:47:27 +0200"
References: <20000324124741.F30466@foursquare.net> <874s9u7lnk.fsf@hoss.orcus.priv.at> <20000326090034.E9092@azure.humbug.org.au> <20000326160220.C454@ulysses.dhis.net> <20000327083710.A30185@azure.humbug.org.au> <87wvmoyawk.fsf@hoss.orcus.priv.at> <20000328003108.A7874@azure.humbug.org.au> <878zywo36y.fsf@hoss.orcus.priv.at> <20000403133601.D24753@azure.humbug.org.au> <871z4nbe5t.fsf@hoss.orcus.priv.at> <20000404234727.A29693@wormhole.galaxy>

Torsten Landschoff <torsten@debian.org> writes:

> I will never revoke a signature I made on a key because somebody leaves
> Debian. That I signed that key tells people that he actually is that
> person. If he leaves Debian he is still that person.

There would be a special key (probably held by the debian-keyring
maintainer) to sign developer's keys. A valid signature by this key
will mean that the person in question is indeed a Debian developer.
When this is no longer the case, the signature must be revoked.

Of course developers, including the debian-keyring maintainer (using
his own key, not the special one) can leave their signatures on the
ex-developer's key.

-- 
Robbe

Reply to:

Follow-Ups:
- Re: Signing Packages.gz
  - From: Vincent Zweije <zweije@xs4all.nl>

References:
- Re: Signing Packages.gz
  - From: Robert Bihlmeyer <robbe@orcus.priv.at>
- Re: Signing Packages.gz
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: Signing Packages.gz
  - From: Robert Bihlmeyer <robbe@orcus.priv.at>
- Re: Signing Packages.gz
  - From: Torsten Landschoff <torsten@debian.org>

Prev by Date: Re: RC-bugs, horizons and all that...
Next by Date: Re: Fed up by Lazarus Long ...
Previous by thread: Re: Signing Packages.gz
Next by thread: Re: Signing Packages.gz
Index(es):
- Date
- Thread