Web-of-Trust of ubuntu-dev gpg keys (was: Motu application for Emanuele Gentili (emgent))

Scott Kitterman ubuntu at kitterman.com
Wed Jul 9 14:05:36 BST 2008


On Wed, 9 Jul 2008 14:54:45 +0200 Michael Bienia <michael at vorlon.ping.de> 
wrote:
>[ moving that part of the discussion to ubuntu-motu ]
>
>On 2008-07-09 14:16:33 +0200, Stephan Hermann wrote:
>> And with the Ubuntu Environment in general, giving out upload rights to
>> known contributors, we are showing to us and them that we trust those
>> people. I wonder if we still have this "you need at least one ubuntu
>> maintainer, debian maintainer who signed your gpg key" rule. 
>
>Was there ever such a rule?
>

Copying my response on the MC list here ...

No. No such rule is operative.  We currently have no rule needing to know 
someone's real world identity.  We base 'known contributor' on Launchpad 
identity.  I think that's OK.  Upload rights are tied to known performance.

Scott K




More information about the Motu-council mailing list