2011-12-21 15:21:32 fauno what if: to be a packager you need to have the support of 3+ people, represented by a gpg signature with a notation 2011-12-21 15:21:50 fauno people being people in general 2011-12-21 15:22:08 fauno != your three fake ids 2011-12-21 15:30:29 encyclomundi fauno: sounds fine, although why not two parabolists? 2011-12-21 15:30:57 fauno encyclomundi: instead of? 2011-12-21 15:31:14 encyclomundi 3+ generic people 2011-12-21 15:31:31 fauno well 3 is kinda required by openpgp 2011-12-21 15:31:38 encyclomundi ok 2011-12-21 15:31:46 fauno 3 marginal signatures for trust them all 2011-12-21 15:32:03 fauno as of parabolists... how do you check they are? 2011-12-21 15:32:12 fauno by signing their keys with a parabola user notation? :P 2011-12-21 15:32:19 encyclomundi from hanging around in here 2011-12-21 15:32:23 encyclomundi emails on the list 2011-12-21 15:32:26 encyclomundi bug reports 2011-12-21 15:32:37 fauno mmm that would be ok i guess 2011-12-21 15:32:47 fauno so 3+ other parabolists 2011-12-21 15:33:17 encyclomundi yes and the hackers could sign each others to the extent they feel comfortable...at the mid-level verification 2011-12-21 15:33:23 fauno the idea was to include people from the fs community, regardless of being parabola involved 2011-12-21 15:34:10 fauno we need to know if a signature can use more than one notation and/or notations can be changed 2011-12-21 15:34:29 fauno i signed mtjm's with a notation for packager 2011-12-21 15:34:40 encyclomundi i see 2011-12-21 15:34:54 fauno but when i tried to resign with a different value gpg told me nothing needed to change 2011-12-21 15:35:06 -- Apodos #parabola: [@ChanServ aurelien dangar4l digitteknohippi1 Draconx Emulatorman encyclomundi ErkanYilmaz fauno Jorginho1 Khady Killman Miga mtjm n1md4 pbot pbot-ng prurigro redskull rumina samgee Shackra ShideR xylon] 2011-12-21 15:35:06 -- Canal #parabola: 24 apodos (1 op, 0 semi-ops, 0 voces, 23 normales) 2011-12-21 15:35:14 encyclomundi fauno: yes i don't think it's that sophisticated 2011-12-21 15:35:38 fauno notations are under the "things you don't want to do" on gpg manpage 2011-12-21 15:35:50 encyclomundi :) 2011-12-21 15:36:05 fauno (i was suggested using notations by dkg, who apparently is lobbying for them from a time now) 2011-12-21 15:36:24 encyclomundi overly complicated. not KISS 2011-12-21 15:36:35 fauno this is a remix of the idea of using gpg signatures to represent direct democracy :D 2011-12-21 15:36:44 fauno encyclomundi: what? 2011-12-21 15:36:49 encyclomundi the notations 2011-12-21 15:36:57 fauno why? 2011-12-21 15:36:58 pbot Why not? 2011-12-21 15:37:15 encyclomundi because with gpg we are saying trust/not trust 2011-12-21 15:37:21 encyclomundi it's binary 2011-12-21 15:37:40 encyclomundi and the notations aren't always seen evaluated 2011-12-21 15:37:50 encyclomundi how would the gpg match in mutt for instance deal with a notation? 2011-12-21 15:38:24 fauno you have to add --show-notations to --list-sigs 2011-12-21 15:39:13 encyclomundi but what is gained? 2011-12-21 15:39:18 encyclomundi for this effort? 2011-12-21 15:39:53 fauno as you said a signature is trust/not trust 2011-12-21 15:40:03 fauno it's a general trust 2011-12-21 15:40:15 fauno doesn't mean "i trust X to do Y" 2011-12-21 15:40:47 fauno (we can always make scripts to sign with notations) 2011-12-21 15:43:14 fauno http://www.mail-archive.com/debian-devel@lists.debian.org/msg273820.html 2011-12-21 15:43:15 pbot Uh oh, www.mail-archive.com/80 Name or service not known 2011-12-21 15:43:24 encyclomundi well access to the repo is our trust for packaging 2011-12-21 15:43:27 fauno (though debian is not an example of kiss) 2011-12-21 15:43:37 encyclomundi i have to go now :( back later 2011-12-21 15:43:46 fauno i'll paste this on the thread