Re: Signing Packages.gz
Torsten Landschoff <torsten@debian.org> writes:
> I will never revoke a signature I made on a key because somebody leaves
> Debian. That I signed that key tells people that he actually is that
> person. If he leaves Debian he is still that person.
There would be a special key (probably held by the debian-keyring
maintainer) to sign developer's keys. A valid signature by this key
will mean that the person in question is indeed a Debian developer.
When this is no longer the case, the signature must be revoked.
Of course developers, including the debian-keyring maintainer (using
his own key, not the special one) can leave their signatures on the
ex-developer's key.
--
Robbe
Reply to: