On 15892 March 1977, Michael Richardson wrote:
> A natural person may only have one identity in Debian.
> This was effectively enforced before by requiring cross-signing
> keys,
> and relying on people doing the cross-signing to have key
> signing
> policies strong enough to reliably connect a key to a person.
Does "one identity" mean one key, or one u...@debian.org?
It means one identity. Translatable to user@
I ask, because the occasional need to generate a new key from scratch
means
giving up many cross-signatures. People often keep the old key alive
for
awhile for this reason. I kept my 1994 era generated PGP2 format key
alive
until at least 2010, even though it was too weak for new things.
My current key goes back to 2005, and it never got as many signatures
as the
old key.
Thats why we said nothing about the keys.
--
bye, Joerg
