incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marvin Humphrey <mar...@rectangular.com>
Subject Re: key signing
Date Wed, 10 Oct 2012 16:04:55 GMT
On Wed, Oct 10, 2012 at 8:11 AM, Florian Holeczek <florian@holeczek.de> wrote:
> However, what would now be totally wrong IMO is, that some guys in the ASF
> redefine these rules in order to make the process of release signing more
> simple. In the WoT big picture, this would automatically mean that every key
> that is signed based on these weak rules would have to be marked as
> marginally trusted (if at all) by people who want to really follow the
> PGP/GPG WoT concept.

In my opinion, we have sufficient expertise here at the ASF to devise an
authentication protocol whose reliability exceeds that of individuals
participating unsupervised in a web of trust, particularly if the protocol
were to incorporate archived video and auditing by a PMC.

That said, persuading others that no corners are being cut may be a more
daunting challenge. :P

Marvin Humphrey

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message