Skip to content

Entries tagged "trust".

Push the button

Martin f. Krafft wrote about the Edinburgh Keysigning, and I find his post very interesting.

I did not take part in either keysigning. The first one I missed because I was in the sauna (which was a lot of fun). The second I missed because my uncle died that evening (which was less fun; but mostly expected).

So I expected to receive no new signatures:

skx@vain:~/Debian/Etch/hiki$ gpg-get-key
No key specified, defaulting to Steve's.
Updating key from keyring.debian.org
gpg: requesting key CD4C0D9D from hkp server keyring.debian.org
gpg: key CD4C0D9D: "Steve Kemp " 18 new signatures

So 18 several people signed my key without checking for valid identification. Is that good? Is that bad? I think it is appalling. But maybe I'm taking it too seriously.

(I just realised 18 sigs != 18 people. So not quite as bad as I initially thought.)