Quoting Martin Quinson ([EMAIL PROTECTED]): > Of course, the signature is not sufficient to get the needed trust. But I'm > coordinator of the french translation team since a few years, so my skills > should be trustable, I guess. > > But the point is that without the key, anyone can forge mails which seem to > come from me, and thus abuse the trust my work gained me in the mind of some > DDs. > > I see this point as necessary even if not sufficient.
Sure, this certainly is a good point. This leads this discussion elsewhere : the main point is again not the problem of GPG keys....but probably the status of contributors who are not DD's...(translators, documentation writers, web maintainers....) A recent thread in debian-devel-french occurred when Patrice K.* 's application was dropped because he does not maintain any package.... As far as I can remember, this topic is periodically raised here or there....we're maybe always beating the same dead horse.....but it seems that the horse is not suite dead.. :-)
