LWN: Comments on "Key signing in the pandemic era" https://lwn.net/Articles/831401/ This is a special feed containing comments posted to the individual LWN article titled "Key signing in the pandemic era". en-us Sat, 08 Nov 2025 11:49:41 +0000 Sat, 08 Nov 2025 11:49:41 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net Key signing in the pandemic era https://lwn.net/Articles/831968/ https://lwn.net/Articles/831968/ ballombe <div class="FormattedComment"> This was a convenient way to avoid multiple identities, which would be a problem for Debian, more than for other organizations (for example we hold election with 1 person = 1 vote).<br> Track record of contribution does not prevent multiple identities, on the contrary, the experience gained<br> establishing one identity carry to the other.<br> </div> Sun, 20 Sep 2020 18:01:00 +0000 Key signing in the pandemic era https://lwn.net/Articles/831902/ https://lwn.net/Articles/831902/ rra <div class="FormattedComment"> Agreed. Personally, I can&#x27;t build trust in someone by only meeting them in person. It&#x27;s by working with them through some period of time (weeks or months) that I build up trust. The new policy captures that: we&#x27;re now explicitly recognizing that form of trust via a track record of contributions. In a way it brings Debian more in line with other free software projects where membership was always based on contribution track records.<br> <p> What we lose is the strength of tie to a legal identity in case something really bad happens and we have to involve legal authorities. (It&#x27;s dubious how real that tie truly was; paperwork can obviously be forged, although that does raise the bar and risk for an attacker.) In practice I don&#x27;t think we&#x27;ve ever used that tie.<br> </div> Sat, 19 Sep 2020 05:47:24 +0000 Key signing in the pandemic era https://lwn.net/Articles/831685/ https://lwn.net/Articles/831685/ gerdesj <div class="FormattedComment"> I&#x27;m a relatively benign entity (I think.) <br> <p> I always use my real name on the internets (gerdesj == Jon Gerdes) apart from /. where I registered as JSG (my initials). I can&#x27;t remember why but there you go. I was a lurker for several years before I plucked up the courage to register. I think I am quite rare in that I do use my real identity in all my dealings on t&#x27; tubes. I may be miss-advised but I&#x27;m CREST accredited.<br> <p> Obviously, I would not recommend my approach for everyone.<br> <p> The pandemic has absolutely no bearing on trust in my opinion. I can chat with you at five meters and hence keep social distance. I can send you emails or chat on Jitsi. Trust is really a human thing. GPG is a mechanism that can facilitate trust but it can&#x27;t enforce it, nor provide evidence.<br> </div> Thu, 17 Sep 2020 00:42:42 +0000