[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4E8914AF.3060902@zytor.com>
Date: Sun, 02 Oct 2011 18:49:35 -0700
From: "H. Peter Anvin" <hpa@...or.com>
To: Ben Pfaff <blp@...stanford.edu>
CC: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: kernel.org status: establishing a PGP web of trust
On 10/02/2011 06:18 PM, Ben Pfaff wrote:
> "H. Peter Anvin" <hpa@...or.com> writes:
>
>> 5. Get as many other kernel developers that you have physical access to
>> to sign your key after verifying the fingerprint. Verifying keys
>> over the phone is OK if and only if you know them *extremely* well;
>> think "would I be willing to testify in court that the person I
>> talked to was X"?
>
> There is already an extensive Debian web of trust, and along with
> it a keysigning coordination effort and even a long list of
> Debian developers who offer to sign keys, with their physical
> locations and email addresses:
> http://wiki.debian.org/Keysigning/Offers
>
> I wonder whether either effort would benefit from joining forces?
> I am also sure that there is overlap between Debian developers
> and kernel developers.
There almost certainly is, and keep in mind that there isn't really "a
Debian web of trust" and "a kernel web of trust"... there is a "PGP web
of trust" as long as people upload their signatures to the shared
keyserver system.
-hpaq
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists