[clug] request for comment: new keysigning protocol

Alex Satrapa grail at goldweb.com.au
Wed Feb 10 23:53:01 MST 2010


On 11/02/2010, at 17:42 , Steve McInerney wrote:

> On Thu, 2010-02-11 at 16:43 +1100, Alex Satrapa wrote:
>> Well, the process does ensure that you have signed a key based on seeing someone carrying that key signature and an ID card that has the same name as the person who claims to own that key :)
> 
> Perhaps, or rather: which proves what exactly? :-)

It proves that you signed a key that was offered to you by someone who carried an official ID with the same name as was presented with the key! And using the tank-tread method, all the keys signed at that event were processed very quickly!

I'm sure we've all heard the horror stories about PHBs deciding to impose "performance metrics" upon coders (aka "Key Performance Indicators"). So for example one company decided that "lines of code" was a good metric. So the developers started committing *thousands* of lines of code in a race for the end of month bonus. When the boss figured that one out, the metric switched from lines of code to "commits to the source code repository". At which point the programmers set up scripts to commit the same two changes (add a line "#foo" in one commit, delete that line in the next) over and over again.

Sure, keysigning parties get lots of keys signed very quickly. But is that really what you want?

Alex


