pqm at canonical.com key needs a new email, and some signatures
John A Meinel
john at arbash-meinel.com
Mon May 8 19:59:01 BST 2006
I just updated my 'verify-sigs' command so that it checks the output of
'gpg --verify' to make sure that the revision was signed by the
committer, and not just some random signature.
In the process, I found out that the pqm, which is committing as
"pqm at pqm.ubuntu.com" is signing using a key that only has the email
address "pqm at canonical.com".
So it would be nice if we could update pqm's key with whatever email
addresses it uses.
Also, pqm at canonical.com is not in my web of trust. What is the proper
etiquette for signing keys that belong to an automated system, rather
than a human being. (It isn't really possible to check 2 forms of ID :)
I'm willing to sign its key (especially if we add pqm at pqm.ubuntu.com),
but I don't want to mess up the web of trust because I'm signing an
automaton. So I figured to wait until I heard from someone like jblack
to see what the correct etiquette is.
John
=:->
More information about the bazaar
mailing list