incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marvin Humphrey <>
Subject Re: key signing
Date Wed, 10 Oct 2012 16:04:55 GMT
On Wed, Oct 10, 2012 at 8:11 AM, Florian Holeczek <> wrote:
> However, what would now be totally wrong IMO is, that some guys in the ASF
> redefine these rules in order to make the process of release signing more
> simple. In the WoT big picture, this would automatically mean that every key
> that is signed based on these weak rules would have to be marked as
> marginally trusted (if at all) by people who want to really follow the
> PGP/GPG WoT concept.

In my opinion, we have sufficient expertise here at the ASF to devise an
authentication protocol whose reliability exceeds that of individuals
participating unsupervised in a web of trust, particularly if the protocol
were to incorporate archived video and auditing by a PMC.

That said, persuading others that no corners are being cut may be a more
daunting challenge. :P

Marvin Humphrey

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message