Re: kernel.org status: establishing a PGP web of trust

From: Frank Ch. Eigler
Date: Tue Oct 04 2011 - 19:18:06 EST


Hi -

On Wed, Oct 05, 2011 at 01:39:32AM +0300, Adrian Bunk wrote:

> [...] But the semantics of PGP key signing is that you certify that
> you verified that a photo ID of that person matches the name on the
> key. [...]

But that's begging the question. The semantics are what you want them
to be. Some keysigning parties take this super seriously, and maybe
with strangers there's some room for this. But in the end, when *I*
see a key with someone else's signature on it, there is no proof how
rigorously they investigated the person. The "reliable identity" part
of the web of trust is only one hop deep.

- FChE
