[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Mon, 29 Apr 2013 11:22:36 +0100 Philip Hudson <phil.hudson@xxxxxxxxx> wrote: > True, true, true, and necessarily true, but... WRT "the system isn't > perfect" and "first approximation: zero": How long have you and I been > members of this LUG? How many others in the LUG have GPG keys? How > many have signed mine? Zero. How many have I signed? Zero. When and > where am I *ever* going to find anyone more likely to do key-signing > than in a LUG? Never and nowhere. Most of the signatures on my key have involved (international) travel. All of the signatures which got my key into the strong set involved travel within the UK, sadly those particular events no longer occur. I sign all emails simply because it's a lot easier than trying to only sign for certain lists or certain recipients. (This has become less of a problem now that Outlook Express has attachment handling which mostly works.) Key signing is something which happens organically within an interested group where there is some sort of incentive to being signed. That incentive is clear within Debian - not enough signatures, you cannot upload to the archive. In a LUG situation, there is no real incentive. Key signing is also somewhat less than ideal when done en masse at huge conferences - it is far better done between people who already know each other outside of the signing event, which is where the LUG can help. If the only time you are going to correspond with someone is when you are signing their key, then don't sign their key! (There are a number of signatures on my key which fail that test, I've learnt not to do more signings like those.) The only real incentive outside of Debian uploads is to get your key into the strong set which means getting it signed by your nearest Debian Developer. Failing that, someone who has been signed by your nearest Debian Developer. http://pgp.cs.uu.nl/stats/28BCB3E3.html > OK, light a candle rather than curse the darkness. Be it hereby > resolved that at all future LUG meetings, the middle order of > business, allowing for latecomers and early leavers, shall be key- > signing. All in favour? I'm too far away to attend DCGLUG events. I relocated to Cambridge to be closer to Debian people. Honestly, I don't think GnuPG keys and key signatures really matter inside DCGLUG - with no requirement for signed uploads or no infrastructure to use GnuPG authentication elsewhere, it's just a curiosity. Overall, unless you need a GnuPG key signed in order to interact with an online community in a particular way, it is unlikely that you will get many signatures on the key. It's a tool, not an end in and of itself. -- Neil Williams <linux@xxxxxxxxxxxxxx>
Attachment:
pgpWrTceNmu0i.pgp
Description: PGP signature
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq