pqm at canonical.com key needs a new email, and some signatures
Martin Pool
mbp at sourcefrog.net
Tue May 9 09:17:38 BST 2006
On 8 May 2006, John A Meinel <john at arbash-meinel.com> wrote:
> I just updated my 'verify-sigs' command so that it checks the output of
> 'gpg --verify' to make sure that the revision was signed by the
> committer, and not just some random signature.
>
> In the process, I found out that the pqm, which is committing as
> "pqm at pqm.ubuntu.com" is signing using a key that only has the email
> address "pqm at canonical.com".
> So it would be nice if we could update pqm's key with whatever email
> addresses it uses.
>
> Also, pqm at canonical.com is not in my web of trust. What is the proper
> etiquette for signing keys that belong to an automated system, rather
> than a human being. (It isn't really possible to check 2 forms of ID :)
>
> I'm willing to sign its key (especially if we add pqm at pqm.ubuntu.com),
> but I don't want to mess up the web of trust because I'm signing an
> automaton. So I figured to wait until I heard from someone like jblack
> to see what the correct etiquette is.
I think what you want is something like
gpg --edit-key pqm at pqm.ubuntu.com
> trust
2 (I do *NOT* trust)
> sign
meaning that you believe this is pqm's key, but you do not trust it to
sign other keys.
--
Martin
More information about the bazaar
mailing list