incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Noah Slater <>
Subject Re: key signing
Date Tue, 16 Oct 2012 14:10:53 GMT
It had to be done, given this thread's epic proportions... ;)

[image: Identity]

On Fri, Oct 5, 2012 at 1:04 PM, Benson Margulies <>wrote:

> I'm offering this discussion here, but it might need to go elsewhere
> if it goes anywhere at all.
> It seems to me that the there is a gap in the incubation process, and
> I don't know how to fill it.
> As far as I can see, we don't do anything to facilitate or encourage
> getting PGP keys signed. We tell people to create a key and put it in
> the SVN 'keys' file.
> Key signing strikes me as a bit of a conundrum for us. In all other
> respects, we emphasize that anyone, anywhere, in any time zone, can be
> a full member of a community. However, key signing requires something
> else. [1] Generally, it requires a face-to-face interaction.
> It is perhaps interesting to note that the foundation accepts CLAs as
> legally binding without any face-to-face identity verification. If you
> send in a CLA with a signature, we believe it, and we believe that the
> email address you provide is, in fact, controlled by the legal person
> who signed the form.
> I wonder, then, if secretary@ should be willing to sign a key.
> Alternatively, since the chain is CLA -> svn access -> unsigned key in
> svn, perhaps all we really need is to document that a signature
> corresponding to a key in svn is really good enough, and users need
> not be concerned further.
> [1]:
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message